Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01964-1 Final 1 1 2025-06-16T14:54:13Z current 2025-06-16T14:54:13Z 2025-06-16T14:54:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - pci: Drop PCI patch that caused a regression (bsc#1241123) - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - mm: Revert commit (bsc#1241051) - Squashfs: check return result of sb_min_blocksize (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - RDMA: Update patch RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925). - kABI: Update patch kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch (git-fixes bsc#1239925). - nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: fix potential error return (git-fixes). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - cifs: change tcon status when need_reconnect is set on it (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) - crypto: algif_hash - fix double free in hash_accept (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - devlink: fix port new reply cmd type (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - loop: Add sanity check for read/write_iter (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtchnl: make proto and filter action count unsigned (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1964,SUSE-SLE-Module-Live-Patching-15-SP6-2025-1964,SUSE-SLE-Module-RT-15-SP6-2025-1964,openSUSE-SLE-15.6-2025-1964 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ Link for SUSE-SU-2025:01964-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html E-Mail link for SUSE-SU-2025:01964-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215199 SUSE Bug 1215199 https://bugzilla.suse.com/1220112 SUSE Bug 1220112 https://bugzilla.suse.com/1223096 SUSE Bug 1223096 https://bugzilla.suse.com/1223809 SUSE Bug 1223809 https://bugzilla.suse.com/1224013 SUSE Bug 1224013 https://bugzilla.suse.com/1224597 SUSE Bug 1224597 https://bugzilla.suse.com/1224757 SUSE Bug 1224757 https://bugzilla.suse.com/1226498 SUSE Bug 1226498 https://bugzilla.suse.com/1228659 SUSE Bug 1228659 https://bugzilla.suse.com/1229491 SUSE Bug 1229491 https://bugzilla.suse.com/1230581 SUSE Bug 1230581 https://bugzilla.suse.com/1230764 SUSE Bug 1230764 https://bugzilla.suse.com/1231016 SUSE Bug 1231016 https://bugzilla.suse.com/1231103 SUSE Bug 1231103 https://bugzilla.suse.com/1231910 SUSE Bug 1231910 https://bugzilla.suse.com/1232493 SUSE Bug 1232493 https://bugzilla.suse.com/1232649 SUSE Bug 1232649 https://bugzilla.suse.com/1232882 SUSE Bug 1232882 https://bugzilla.suse.com/1233075 SUSE Bug 1233075 https://bugzilla.suse.com/1233098 SUSE Bug 1233098 https://bugzilla.suse.com/1233192 SUSE Bug 1233192 https://bugzilla.suse.com/1234074 SUSE Bug 1234074 https://bugzilla.suse.com/1234154 SUSE Bug 1234154 https://bugzilla.suse.com/1234157 SUSE Bug 1234157 https://bugzilla.suse.com/1234698 SUSE Bug 1234698 https://bugzilla.suse.com/1235149 SUSE Bug 1235149 https://bugzilla.suse.com/1235501 SUSE Bug 1235501 https://bugzilla.suse.com/1235526 SUSE Bug 1235526 https://bugzilla.suse.com/1235550 SUSE Bug 1235550 https://bugzilla.suse.com/1235870 SUSE Bug 1235870 https://bugzilla.suse.com/1235968 SUSE Bug 1235968 https://bugzilla.suse.com/1236086 SUSE Bug 1236086 https://bugzilla.suse.com/1236142 SUSE Bug 1236142 https://bugzilla.suse.com/1236208 SUSE Bug 1236208 https://bugzilla.suse.com/1236704 SUSE Bug 1236704 https://bugzilla.suse.com/1237111 SUSE Bug 1237111 https://bugzilla.suse.com/1237312 SUSE Bug 1237312 https://bugzilla.suse.com/1237874 SUSE Bug 1237874 https://bugzilla.suse.com/1237882 SUSE Bug 1237882 https://bugzilla.suse.com/1238052 SUSE Bug 1238052 https://bugzilla.suse.com/1238212 SUSE Bug 1238212 https://bugzilla.suse.com/1238471 SUSE Bug 1238471 https://bugzilla.suse.com/1238473 SUSE Bug 1238473 https://bugzilla.suse.com/1238527 SUSE Bug 1238527 https://bugzilla.suse.com/1238565 SUSE Bug 1238565 https://bugzilla.suse.com/1238714 SUSE Bug 1238714 https://bugzilla.suse.com/1238737 SUSE Bug 1238737 https://bugzilla.suse.com/1238742 SUSE Bug 1238742 https://bugzilla.suse.com/1238745 SUSE Bug 1238745 https://bugzilla.suse.com/1238746 SUSE Bug 1238746 https://bugzilla.suse.com/1238774 SUSE Bug 1238774 https://bugzilla.suse.com/1238862 SUSE Bug 1238862 https://bugzilla.suse.com/1238961 SUSE Bug 1238961 https://bugzilla.suse.com/1238970 SUSE Bug 1238970 https://bugzilla.suse.com/1238983 SUSE Bug 1238983 https://bugzilla.suse.com/1238990 SUSE Bug 1238990 https://bugzilla.suse.com/1238992 SUSE Bug 1238992 https://bugzilla.suse.com/1239066 SUSE Bug 1239066 https://bugzilla.suse.com/1239079 SUSE Bug 1239079 https://bugzilla.suse.com/1239108 SUSE Bug 1239108 https://bugzilla.suse.com/1239470 SUSE Bug 1239470 https://bugzilla.suse.com/1239475 SUSE Bug 1239475 https://bugzilla.suse.com/1239476 SUSE Bug 1239476 https://bugzilla.suse.com/1239487 SUSE Bug 1239487 https://bugzilla.suse.com/1239510 SUSE Bug 1239510 https://bugzilla.suse.com/1239684 SUSE Bug 1239684 https://bugzilla.suse.com/1239691 SUSE Bug 1239691 https://bugzilla.suse.com/1239906 SUSE Bug 1239906 https://bugzilla.suse.com/1239925 SUSE Bug 1239925 https://bugzilla.suse.com/1239997 SUSE Bug 1239997 https://bugzilla.suse.com/1240167 SUSE Bug 1240167 https://bugzilla.suse.com/1240168 SUSE Bug 1240168 https://bugzilla.suse.com/1240171 SUSE Bug 1240171 https://bugzilla.suse.com/1240176 SUSE Bug 1240176 https://bugzilla.suse.com/1240181 SUSE Bug 1240181 https://bugzilla.suse.com/1240184 SUSE Bug 1240184 https://bugzilla.suse.com/1240185 SUSE Bug 1240185 https://bugzilla.suse.com/1240375 SUSE Bug 1240375 https://bugzilla.suse.com/1240557 SUSE Bug 1240557 https://bugzilla.suse.com/1240575 SUSE Bug 1240575 https://bugzilla.suse.com/1240576 SUSE Bug 1240576 https://bugzilla.suse.com/1240581 SUSE Bug 1240581 https://bugzilla.suse.com/1240582 SUSE Bug 1240582 https://bugzilla.suse.com/1240583 SUSE Bug 1240583 https://bugzilla.suse.com/1240584 SUSE Bug 1240584 https://bugzilla.suse.com/1240585 SUSE Bug 1240585 https://bugzilla.suse.com/1240587 SUSE Bug 1240587 https://bugzilla.suse.com/1240590 SUSE Bug 1240590 https://bugzilla.suse.com/1240591 SUSE Bug 1240591 https://bugzilla.suse.com/1240592 SUSE Bug 1240592 https://bugzilla.suse.com/1240593 SUSE Bug 1240593 https://bugzilla.suse.com/1240594 SUSE Bug 1240594 https://bugzilla.suse.com/1240595 SUSE Bug 1240595 https://bugzilla.suse.com/1240596 SUSE Bug 1240596 https://bugzilla.suse.com/1240600 SUSE Bug 1240600 https://bugzilla.suse.com/1240612 SUSE Bug 1240612 https://bugzilla.suse.com/1240616 SUSE Bug 1240616 https://bugzilla.suse.com/1240639 SUSE Bug 1240639 https://bugzilla.suse.com/1240643 SUSE Bug 1240643 https://bugzilla.suse.com/1240647 SUSE Bug 1240647 https://bugzilla.suse.com/1240655 SUSE Bug 1240655 https://bugzilla.suse.com/1240691 SUSE Bug 1240691 https://bugzilla.suse.com/1240700 SUSE Bug 1240700 https://bugzilla.suse.com/1240701 SUSE Bug 1240701 https://bugzilla.suse.com/1240703 SUSE Bug 1240703 https://bugzilla.suse.com/1240708 SUSE Bug 1240708 https://bugzilla.suse.com/1240709 SUSE Bug 1240709 https://bugzilla.suse.com/1240712 SUSE Bug 1240712 https://bugzilla.suse.com/1240713 SUSE Bug 1240713 https://bugzilla.suse.com/1240714 SUSE Bug 1240714 https://bugzilla.suse.com/1240715 SUSE Bug 1240715 https://bugzilla.suse.com/1240716 SUSE Bug 1240716 https://bugzilla.suse.com/1240717 SUSE Bug 1240717 https://bugzilla.suse.com/1240718 SUSE Bug 1240718 https://bugzilla.suse.com/1240719 SUSE Bug 1240719 https://bugzilla.suse.com/1240720 SUSE Bug 1240720 https://bugzilla.suse.com/1240722 SUSE Bug 1240722 https://bugzilla.suse.com/1240727 SUSE Bug 1240727 https://bugzilla.suse.com/1240739 SUSE Bug 1240739 https://bugzilla.suse.com/1240740 SUSE Bug 1240740 https://bugzilla.suse.com/1240742 SUSE Bug 1240742 https://bugzilla.suse.com/1240779 SUSE Bug 1240779 https://bugzilla.suse.com/1240783 SUSE Bug 1240783 https://bugzilla.suse.com/1240784 SUSE Bug 1240784 https://bugzilla.suse.com/1240785 SUSE Bug 1240785 https://bugzilla.suse.com/1240795 SUSE Bug 1240795 https://bugzilla.suse.com/1240796 SUSE Bug 1240796 https://bugzilla.suse.com/1240797 SUSE Bug 1240797 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 https://bugzilla.suse.com/1240801 SUSE Bug 1240801 https://bugzilla.suse.com/1240802 SUSE Bug 1240802 https://bugzilla.suse.com/1240806 SUSE Bug 1240806 https://bugzilla.suse.com/1240808 SUSE Bug 1240808 https://bugzilla.suse.com/1240809 SUSE Bug 1240809 https://bugzilla.suse.com/1240811 SUSE Bug 1240811 https://bugzilla.suse.com/1240812 SUSE Bug 1240812 https://bugzilla.suse.com/1240813 SUSE Bug 1240813 https://bugzilla.suse.com/1240815 SUSE Bug 1240815 https://bugzilla.suse.com/1240816 SUSE Bug 1240816 https://bugzilla.suse.com/1240819 SUSE Bug 1240819 https://bugzilla.suse.com/1240821 SUSE Bug 1240821 https://bugzilla.suse.com/1240825 SUSE Bug 1240825 https://bugzilla.suse.com/1240829 SUSE Bug 1240829 https://bugzilla.suse.com/1240835 SUSE Bug 1240835 https://bugzilla.suse.com/1240866 SUSE Bug 1240866 https://bugzilla.suse.com/1240873 SUSE Bug 1240873 https://bugzilla.suse.com/1240934 SUSE Bug 1240934 https://bugzilla.suse.com/1240936 SUSE Bug 1240936 https://bugzilla.suse.com/1240937 SUSE Bug 1240937 https://bugzilla.suse.com/1240938 SUSE Bug 1240938 https://bugzilla.suse.com/1240940 SUSE Bug 1240940 https://bugzilla.suse.com/1240942 SUSE Bug 1240942 https://bugzilla.suse.com/1240943 SUSE Bug 1240943 https://bugzilla.suse.com/1240944 SUSE Bug 1240944 https://bugzilla.suse.com/1240966 SUSE Bug 1240966 https://bugzilla.suse.com/1240978 SUSE Bug 1240978 https://bugzilla.suse.com/1240979 SUSE Bug 1240979 https://bugzilla.suse.com/1241010 SUSE Bug 1241010 https://bugzilla.suse.com/1241038 SUSE Bug 1241038 https://bugzilla.suse.com/1241051 SUSE Bug 1241051 https://bugzilla.suse.com/1241123 SUSE Bug 1241123 https://bugzilla.suse.com/1241148 SUSE Bug 1241148 https://bugzilla.suse.com/1241151 SUSE Bug 1241151 https://bugzilla.suse.com/1241167 SUSE Bug 1241167 https://bugzilla.suse.com/1241175 SUSE Bug 1241175 https://bugzilla.suse.com/1241204 SUSE Bug 1241204 https://bugzilla.suse.com/1241250 SUSE Bug 1241250 https://bugzilla.suse.com/1241265 SUSE Bug 1241265 https://bugzilla.suse.com/1241266 SUSE Bug 1241266 https://bugzilla.suse.com/1241280 SUSE Bug 1241280 https://bugzilla.suse.com/1241282 SUSE Bug 1241282 https://bugzilla.suse.com/1241305 SUSE Bug 1241305 https://bugzilla.suse.com/1241332 SUSE Bug 1241332 https://bugzilla.suse.com/1241333 SUSE Bug 1241333 https://bugzilla.suse.com/1241340 SUSE Bug 1241340 https://bugzilla.suse.com/1241341 SUSE Bug 1241341 https://bugzilla.suse.com/1241343 SUSE Bug 1241343 https://bugzilla.suse.com/1241344 SUSE Bug 1241344 https://bugzilla.suse.com/1241347 SUSE Bug 1241347 https://bugzilla.suse.com/1241351 SUSE Bug 1241351 https://bugzilla.suse.com/1241357 SUSE Bug 1241357 https://bugzilla.suse.com/1241361 SUSE Bug 1241361 https://bugzilla.suse.com/1241369 SUSE Bug 1241369 https://bugzilla.suse.com/1241371 SUSE Bug 1241371 https://bugzilla.suse.com/1241373 SUSE Bug 1241373 https://bugzilla.suse.com/1241376 SUSE Bug 1241376 https://bugzilla.suse.com/1241378 SUSE Bug 1241378 https://bugzilla.suse.com/1241394 SUSE Bug 1241394 https://bugzilla.suse.com/1241402 SUSE Bug 1241402 https://bugzilla.suse.com/1241412 SUSE Bug 1241412 https://bugzilla.suse.com/1241413 SUSE Bug 1241413 https://bugzilla.suse.com/1241416 SUSE Bug 1241416 https://bugzilla.suse.com/1241424 SUSE Bug 1241424 https://bugzilla.suse.com/1241426 SUSE Bug 1241426 https://bugzilla.suse.com/1241433 SUSE Bug 1241433 https://bugzilla.suse.com/1241436 SUSE Bug 1241436 https://bugzilla.suse.com/1241441 SUSE Bug 1241441 https://bugzilla.suse.com/1241442 SUSE Bug 1241442 https://bugzilla.suse.com/1241443 SUSE Bug 1241443 https://bugzilla.suse.com/1241448 SUSE Bug 1241448 https://bugzilla.suse.com/1241451 SUSE Bug 1241451 https://bugzilla.suse.com/1241452 SUSE Bug 1241452 https://bugzilla.suse.com/1241456 SUSE Bug 1241456 https://bugzilla.suse.com/1241457 SUSE Bug 1241457 https://bugzilla.suse.com/1241458 SUSE Bug 1241458 https://bugzilla.suse.com/1241459 SUSE Bug 1241459 https://bugzilla.suse.com/1241492 SUSE Bug 1241492 https://bugzilla.suse.com/1241519 SUSE Bug 1241519 https://bugzilla.suse.com/1241525 SUSE Bug 1241525 https://bugzilla.suse.com/1241526 SUSE Bug 1241526 https://bugzilla.suse.com/1241528 SUSE Bug 1241528 https://bugzilla.suse.com/1241533 SUSE Bug 1241533 https://bugzilla.suse.com/1241537 SUSE Bug 1241537 https://bugzilla.suse.com/1241538 SUSE Bug 1241538 https://bugzilla.suse.com/1241541 SUSE Bug 1241541 https://bugzilla.suse.com/1241545 SUSE Bug 1241545 https://bugzilla.suse.com/1241547 SUSE Bug 1241547 https://bugzilla.suse.com/1241548 SUSE Bug 1241548 https://bugzilla.suse.com/1241550 SUSE Bug 1241550 https://bugzilla.suse.com/1241573 SUSE Bug 1241573 https://bugzilla.suse.com/1241574 SUSE Bug 1241574 https://bugzilla.suse.com/1241575 SUSE Bug 1241575 https://bugzilla.suse.com/1241576 SUSE Bug 1241576 https://bugzilla.suse.com/1241578 SUSE Bug 1241578 https://bugzilla.suse.com/1241590 SUSE Bug 1241590 https://bugzilla.suse.com/1241593 SUSE Bug 1241593 https://bugzilla.suse.com/1241595 SUSE Bug 1241595 https://bugzilla.suse.com/1241596 SUSE Bug 1241596 https://bugzilla.suse.com/1241597 SUSE Bug 1241597 https://bugzilla.suse.com/1241598 SUSE Bug 1241598 https://bugzilla.suse.com/1241599 SUSE Bug 1241599 https://bugzilla.suse.com/1241601 SUSE Bug 1241601 https://bugzilla.suse.com/1241625 SUSE Bug 1241625 https://bugzilla.suse.com/1241626 SUSE Bug 1241626 https://bugzilla.suse.com/1241627 SUSE Bug 1241627 https://bugzilla.suse.com/1241635 SUSE Bug 1241635 https://bugzilla.suse.com/1241638 SUSE Bug 1241638 https://bugzilla.suse.com/1241640 SUSE Bug 1241640 https://bugzilla.suse.com/1241644 SUSE Bug 1241644 https://bugzilla.suse.com/1241648 SUSE Bug 1241648 https://bugzilla.suse.com/1241654 SUSE Bug 1241654 https://bugzilla.suse.com/1241657 SUSE Bug 1241657 https://bugzilla.suse.com/1242006 SUSE Bug 1242006 https://bugzilla.suse.com/1242012 SUSE Bug 1242012 https://bugzilla.suse.com/1242035 SUSE Bug 1242035 https://bugzilla.suse.com/1242044 SUSE Bug 1242044 https://bugzilla.suse.com/1242172 SUSE Bug 1242172 https://bugzilla.suse.com/1242203 SUSE Bug 1242203 https://bugzilla.suse.com/1242283 SUSE Bug 1242283 https://bugzilla.suse.com/1242307 SUSE Bug 1242307 https://bugzilla.suse.com/1242313 SUSE Bug 1242313 https://bugzilla.suse.com/1242314 SUSE Bug 1242314 https://bugzilla.suse.com/1242315 SUSE Bug 1242315 https://bugzilla.suse.com/1242321 SUSE Bug 1242321 https://bugzilla.suse.com/1242326 SUSE Bug 1242326 https://bugzilla.suse.com/1242327 SUSE Bug 1242327 https://bugzilla.suse.com/1242328 SUSE Bug 1242328 https://bugzilla.suse.com/1242332 SUSE Bug 1242332 https://bugzilla.suse.com/1242333 SUSE Bug 1242333 https://bugzilla.suse.com/1242335 SUSE Bug 1242335 https://bugzilla.suse.com/1242336 SUSE Bug 1242336 https://bugzilla.suse.com/1242342 SUSE Bug 1242342 https://bugzilla.suse.com/1242343 SUSE Bug 1242343 https://bugzilla.suse.com/1242344 SUSE Bug 1242344 https://bugzilla.suse.com/1242345 SUSE Bug 1242345 https://bugzilla.suse.com/1242346 SUSE Bug 1242346 https://bugzilla.suse.com/1242347 SUSE Bug 1242347 https://bugzilla.suse.com/1242348 SUSE Bug 1242348 https://bugzilla.suse.com/1242414 SUSE Bug 1242414 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 https://bugzilla.suse.com/1242501 SUSE Bug 1242501 https://bugzilla.suse.com/1242502 SUSE Bug 1242502 https://bugzilla.suse.com/1242506 SUSE Bug 1242506 https://bugzilla.suse.com/1242507 SUSE Bug 1242507 https://bugzilla.suse.com/1242509 SUSE Bug 1242509 https://bugzilla.suse.com/1242510 SUSE Bug 1242510 https://bugzilla.suse.com/1242512 SUSE Bug 1242512 https://bugzilla.suse.com/1242513 SUSE Bug 1242513 https://bugzilla.suse.com/1242514 SUSE Bug 1242514 https://bugzilla.suse.com/1242520 SUSE Bug 1242520 https://bugzilla.suse.com/1242523 SUSE Bug 1242523 https://bugzilla.suse.com/1242524 SUSE Bug 1242524 https://bugzilla.suse.com/1242526 SUSE Bug 1242526 https://bugzilla.suse.com/1242528 SUSE Bug 1242528 https://bugzilla.suse.com/1242529 SUSE Bug 1242529 https://bugzilla.suse.com/1242530 SUSE Bug 1242530 https://bugzilla.suse.com/1242531 SUSE Bug 1242531 https://bugzilla.suse.com/1242532 SUSE Bug 1242532 https://bugzilla.suse.com/1242534 SUSE Bug 1242534 https://bugzilla.suse.com/1242535 SUSE Bug 1242535 https://bugzilla.suse.com/1242536 SUSE Bug 1242536 https://bugzilla.suse.com/1242537 SUSE Bug 1242537 https://bugzilla.suse.com/1242538 SUSE Bug 1242538 https://bugzilla.suse.com/1242539 SUSE Bug 1242539 https://bugzilla.suse.com/1242540 SUSE Bug 1242540 https://bugzilla.suse.com/1242546 SUSE Bug 1242546 https://bugzilla.suse.com/1242556 SUSE Bug 1242556 https://bugzilla.suse.com/1242559 SUSE Bug 1242559 https://bugzilla.suse.com/1242563 SUSE Bug 1242563 https://bugzilla.suse.com/1242564 SUSE Bug 1242564 https://bugzilla.suse.com/1242565 SUSE Bug 1242565 https://bugzilla.suse.com/1242566 SUSE Bug 1242566 https://bugzilla.suse.com/1242567 SUSE Bug 1242567 https://bugzilla.suse.com/1242568 SUSE Bug 1242568 https://bugzilla.suse.com/1242569 SUSE Bug 1242569 https://bugzilla.suse.com/1242574 SUSE Bug 1242574 https://bugzilla.suse.com/1242575 SUSE Bug 1242575 https://bugzilla.suse.com/1242578 SUSE Bug 1242578 https://bugzilla.suse.com/1242584 SUSE Bug 1242584 https://bugzilla.suse.com/1242585 SUSE Bug 1242585 https://bugzilla.suse.com/1242587 SUSE Bug 1242587 https://bugzilla.suse.com/1242591 SUSE Bug 1242591 https://bugzilla.suse.com/1242596 SUSE Bug 1242596 https://bugzilla.suse.com/1242709 SUSE Bug 1242709 https://bugzilla.suse.com/1242710 SUSE Bug 1242710 https://bugzilla.suse.com/1242727 SUSE Bug 1242727 https://bugzilla.suse.com/1242758 SUSE Bug 1242758 https://bugzilla.suse.com/1242760 SUSE Bug 1242760 https://bugzilla.suse.com/1242761 SUSE Bug 1242761 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 https://bugzilla.suse.com/1242763 SUSE Bug 1242763 https://bugzilla.suse.com/1242764 SUSE Bug 1242764 https://bugzilla.suse.com/1242766 SUSE Bug 1242766 https://bugzilla.suse.com/1242770 SUSE Bug 1242770 https://bugzilla.suse.com/1242778 SUSE Bug 1242778 https://bugzilla.suse.com/1242781 SUSE Bug 1242781 https://bugzilla.suse.com/1242782 SUSE Bug 1242782 https://bugzilla.suse.com/1242785 SUSE Bug 1242785 https://bugzilla.suse.com/1242786 SUSE Bug 1242786 https://bugzilla.suse.com/1242792 SUSE Bug 1242792 https://bugzilla.suse.com/1242831 SUSE Bug 1242831 https://bugzilla.suse.com/1242852 SUSE Bug 1242852 https://bugzilla.suse.com/1242854 SUSE Bug 1242854 https://bugzilla.suse.com/1242856 SUSE Bug 1242856 https://bugzilla.suse.com/1242859 SUSE Bug 1242859 https://bugzilla.suse.com/1242860 SUSE Bug 1242860 https://bugzilla.suse.com/1242861 SUSE Bug 1242861 https://bugzilla.suse.com/1242866 SUSE Bug 1242866 https://bugzilla.suse.com/1242867 SUSE Bug 1242867 https://bugzilla.suse.com/1242868 SUSE Bug 1242868 https://bugzilla.suse.com/1242871 SUSE Bug 1242871 https://bugzilla.suse.com/1242873 SUSE Bug 1242873 https://bugzilla.suse.com/1242875 SUSE Bug 1242875 https://bugzilla.suse.com/1242906 SUSE Bug 1242906 https://bugzilla.suse.com/1242908 SUSE Bug 1242908 https://bugzilla.suse.com/1242924 SUSE Bug 1242924 https://bugzilla.suse.com/1242930 SUSE Bug 1242930 https://bugzilla.suse.com/1242944 SUSE Bug 1242944 https://bugzilla.suse.com/1242945 SUSE Bug 1242945 https://bugzilla.suse.com/1242948 SUSE Bug 1242948 https://bugzilla.suse.com/1242949 SUSE Bug 1242949 https://bugzilla.suse.com/1242951 SUSE Bug 1242951 https://bugzilla.suse.com/1242953 SUSE Bug 1242953 https://bugzilla.suse.com/1242955 SUSE Bug 1242955 https://bugzilla.suse.com/1242957 SUSE Bug 1242957 https://bugzilla.suse.com/1242959 SUSE Bug 1242959 https://bugzilla.suse.com/1242961 SUSE Bug 1242961 https://bugzilla.suse.com/1242962 SUSE Bug 1242962 https://bugzilla.suse.com/1242973 SUSE Bug 1242973 https://bugzilla.suse.com/1242974 SUSE Bug 1242974 https://bugzilla.suse.com/1242977 SUSE Bug 1242977 https://bugzilla.suse.com/1242985 SUSE Bug 1242985 https://bugzilla.suse.com/1242990 SUSE Bug 1242990 https://bugzilla.suse.com/1242993 SUSE Bug 1242993 https://bugzilla.suse.com/1243000 SUSE Bug 1243000 https://bugzilla.suse.com/1243006 SUSE Bug 1243006 https://bugzilla.suse.com/1243011 SUSE Bug 1243011 https://bugzilla.suse.com/1243015 SUSE Bug 1243015 https://bugzilla.suse.com/1243044 SUSE Bug 1243044 https://bugzilla.suse.com/1243049 SUSE Bug 1243049 https://bugzilla.suse.com/1243056 SUSE Bug 1243056 https://bugzilla.suse.com/1243074 SUSE Bug 1243074 https://bugzilla.suse.com/1243076 SUSE Bug 1243076 https://bugzilla.suse.com/1243077 SUSE Bug 1243077 https://bugzilla.suse.com/1243082 SUSE Bug 1243082 https://bugzilla.suse.com/1243090 SUSE Bug 1243090 https://bugzilla.suse.com/1243330 SUSE Bug 1243330 https://bugzilla.suse.com/1243342 SUSE Bug 1243342 https://bugzilla.suse.com/1243456 SUSE Bug 1243456 https://bugzilla.suse.com/1243469 SUSE Bug 1243469 https://bugzilla.suse.com/1243470 SUSE Bug 1243470 https://bugzilla.suse.com/1243471 SUSE Bug 1243471 https://bugzilla.suse.com/1243472 SUSE Bug 1243472 https://bugzilla.suse.com/1243473 SUSE Bug 1243473 https://bugzilla.suse.com/1243476 SUSE Bug 1243476 https://bugzilla.suse.com/1243509 SUSE Bug 1243509 https://bugzilla.suse.com/1243511 SUSE Bug 1243511 https://bugzilla.suse.com/1243513 SUSE Bug 1243513 https://bugzilla.suse.com/1243515 SUSE Bug 1243515 https://bugzilla.suse.com/1243516 SUSE Bug 1243516 https://bugzilla.suse.com/1243517 SUSE Bug 1243517 https://bugzilla.suse.com/1243519 SUSE Bug 1243519 https://bugzilla.suse.com/1243522 SUSE Bug 1243522 https://bugzilla.suse.com/1243524 SUSE Bug 1243524 https://bugzilla.suse.com/1243528 SUSE Bug 1243528 https://bugzilla.suse.com/1243529 SUSE Bug 1243529 https://bugzilla.suse.com/1243530 SUSE Bug 1243530 https://bugzilla.suse.com/1243534 SUSE Bug 1243534 https://bugzilla.suse.com/1243536 SUSE Bug 1243536 https://bugzilla.suse.com/1243539 SUSE Bug 1243539 https://bugzilla.suse.com/1243540 SUSE Bug 1243540 https://bugzilla.suse.com/1243541 SUSE Bug 1243541 https://bugzilla.suse.com/1243543 SUSE Bug 1243543 https://bugzilla.suse.com/1243545 SUSE Bug 1243545 https://bugzilla.suse.com/1243547 SUSE Bug 1243547 https://bugzilla.suse.com/1243559 SUSE Bug 1243559 https://bugzilla.suse.com/1243560 SUSE Bug 1243560 https://bugzilla.suse.com/1243562 SUSE Bug 1243562 https://bugzilla.suse.com/1243567 SUSE Bug 1243567 https://bugzilla.suse.com/1243573 SUSE Bug 1243573 https://bugzilla.suse.com/1243574 SUSE Bug 1243574 https://bugzilla.suse.com/1243575 SUSE Bug 1243575 https://bugzilla.suse.com/1243589 SUSE Bug 1243589 https://bugzilla.suse.com/1243621 SUSE Bug 1243621 https://bugzilla.suse.com/1243624 SUSE Bug 1243624 https://bugzilla.suse.com/1243625 SUSE Bug 1243625 https://bugzilla.suse.com/1243626 SUSE Bug 1243626 https://bugzilla.suse.com/1243627 SUSE Bug 1243627 https://bugzilla.suse.com/1243649 SUSE Bug 1243649 https://bugzilla.suse.com/1243657 SUSE Bug 1243657 https://bugzilla.suse.com/1243658 SUSE Bug 1243658 https://bugzilla.suse.com/1243659 SUSE Bug 1243659 https://bugzilla.suse.com/1243660 SUSE Bug 1243660 https://bugzilla.suse.com/1243664 SUSE Bug 1243664 https://bugzilla.suse.com/1243737 SUSE Bug 1243737 https://bugzilla.suse.com/1243805 SUSE Bug 1243805 https://bugzilla.suse.com/1243963 SUSE Bug 1243963 https://www.suse.com/security/cve/CVE-2023-53034/ SUSE CVE CVE-2023-53034 page https://www.suse.com/security/cve/CVE-2023-53146/ SUSE CVE CVE-2023-53146 page https://www.suse.com/security/cve/CVE-2024-27018/ SUSE CVE CVE-2024-27018 page https://www.suse.com/security/cve/CVE-2024-27415/ SUSE CVE CVE-2024-27415 page https://www.suse.com/security/cve/CVE-2024-28956/ SUSE CVE CVE-2024-28956 page https://www.suse.com/security/cve/CVE-2024-35840/ SUSE CVE CVE-2024-35840 page https://www.suse.com/security/cve/CVE-2024-43869/ SUSE CVE CVE-2024-43869 page https://www.suse.com/security/cve/CVE-2024-46713/ SUSE CVE CVE-2024-46713 page https://www.suse.com/security/cve/CVE-2024-46763/ SUSE CVE CVE-2024-46763 page https://www.suse.com/security/cve/CVE-2024-46865/ SUSE CVE CVE-2024-46865 page https://www.suse.com/security/cve/CVE-2024-50038/ SUSE CVE CVE-2024-50038 page https://www.suse.com/security/cve/CVE-2024-50083/ SUSE CVE CVE-2024-50083 page https://www.suse.com/security/cve/CVE-2024-50106/ SUSE CVE CVE-2024-50106 page https://www.suse.com/security/cve/CVE-2024-50162/ SUSE CVE CVE-2024-50162 page https://www.suse.com/security/cve/CVE-2024-50163/ SUSE CVE CVE-2024-50163 page https://www.suse.com/security/cve/CVE-2024-50223/ SUSE CVE CVE-2024-50223 page https://www.suse.com/security/cve/CVE-2024-53124/ SUSE CVE CVE-2024-53124 page https://www.suse.com/security/cve/CVE-2024-53135/ SUSE CVE CVE-2024-53135 page https://www.suse.com/security/cve/CVE-2024-53139/ SUSE CVE CVE-2024-53139 page https://www.suse.com/security/cve/CVE-2024-54458/ SUSE CVE CVE-2024-54458 page https://www.suse.com/security/cve/CVE-2024-56641/ SUSE CVE CVE-2024-56641 page https://www.suse.com/security/cve/CVE-2024-56702/ SUSE CVE CVE-2024-56702 page https://www.suse.com/security/cve/CVE-2024-57924/ SUSE CVE CVE-2024-57924 page https://www.suse.com/security/cve/CVE-2024-57998/ SUSE CVE CVE-2024-57998 page https://www.suse.com/security/cve/CVE-2024-58001/ SUSE CVE CVE-2024-58001 page https://www.suse.com/security/cve/CVE-2024-58018/ SUSE CVE CVE-2024-58018 page https://www.suse.com/security/cve/CVE-2024-58068/ SUSE CVE CVE-2024-58068 page https://www.suse.com/security/cve/CVE-2024-58070/ SUSE CVE CVE-2024-58070 page https://www.suse.com/security/cve/CVE-2024-58071/ SUSE CVE CVE-2024-58071 page https://www.suse.com/security/cve/CVE-2024-58088/ SUSE CVE CVE-2024-58088 page https://www.suse.com/security/cve/CVE-2024-58093/ SUSE CVE CVE-2024-58093 page https://www.suse.com/security/cve/CVE-2024-58094/ SUSE CVE CVE-2024-58094 page https://www.suse.com/security/cve/CVE-2024-58095/ SUSE CVE CVE-2024-58095 page https://www.suse.com/security/cve/CVE-2024-58096/ SUSE CVE CVE-2024-58096 page https://www.suse.com/security/cve/CVE-2024-58097/ SUSE CVE CVE-2024-58097 page https://www.suse.com/security/cve/CVE-2024-58098/ SUSE CVE CVE-2024-58098 page https://www.suse.com/security/cve/CVE-2024-58099/ SUSE CVE CVE-2024-58099 page https://www.suse.com/security/cve/CVE-2024-58100/ SUSE CVE CVE-2024-58100 page https://www.suse.com/security/cve/CVE-2024-58237/ SUSE CVE CVE-2024-58237 page https://www.suse.com/security/cve/CVE-2025-21629/ SUSE CVE CVE-2025-21629 page https://www.suse.com/security/cve/CVE-2025-21648/ SUSE CVE CVE-2025-21648 page https://www.suse.com/security/cve/CVE-2025-21683/ SUSE CVE CVE-2025-21683 page https://www.suse.com/security/cve/CVE-2025-21696/ SUSE CVE CVE-2025-21696 page https://www.suse.com/security/cve/CVE-2025-21702/ SUSE CVE CVE-2025-21702 page https://www.suse.com/security/cve/CVE-2025-21707/ SUSE CVE CVE-2025-21707 page https://www.suse.com/security/cve/CVE-2025-21729/ SUSE CVE CVE-2025-21729 page https://www.suse.com/security/cve/CVE-2025-21755/ SUSE CVE CVE-2025-21755 page https://www.suse.com/security/cve/CVE-2025-21758/ SUSE CVE CVE-2025-21758 page https://www.suse.com/security/cve/CVE-2025-21768/ SUSE CVE CVE-2025-21768 page https://www.suse.com/security/cve/CVE-2025-21787/ SUSE CVE CVE-2025-21787 page https://www.suse.com/security/cve/CVE-2025-21792/ SUSE CVE CVE-2025-21792 page https://www.suse.com/security/cve/CVE-2025-21806/ SUSE CVE CVE-2025-21806 page https://www.suse.com/security/cve/CVE-2025-21808/ SUSE CVE CVE-2025-21808 page https://www.suse.com/security/cve/CVE-2025-21812/ SUSE CVE CVE-2025-21812 page https://www.suse.com/security/cve/CVE-2025-21814/ SUSE CVE CVE-2025-21814 page https://www.suse.com/security/cve/CVE-2025-21833/ SUSE CVE CVE-2025-21833 page https://www.suse.com/security/cve/CVE-2025-21836/ SUSE CVE CVE-2025-21836 page https://www.suse.com/security/cve/CVE-2025-21852/ SUSE CVE CVE-2025-21852 page https://www.suse.com/security/cve/CVE-2025-21853/ SUSE CVE CVE-2025-21853 page https://www.suse.com/security/cve/CVE-2025-21854/ SUSE CVE CVE-2025-21854 page https://www.suse.com/security/cve/CVE-2025-21863/ SUSE CVE CVE-2025-21863 page https://www.suse.com/security/cve/CVE-2025-21867/ SUSE CVE CVE-2025-21867 page https://www.suse.com/security/cve/CVE-2025-21873/ SUSE CVE CVE-2025-21873 page https://www.suse.com/security/cve/CVE-2025-21875/ SUSE CVE CVE-2025-21875 page https://www.suse.com/security/cve/CVE-2025-21881/ SUSE CVE CVE-2025-21881 page https://www.suse.com/security/cve/CVE-2025-21884/ SUSE CVE CVE-2025-21884 page https://www.suse.com/security/cve/CVE-2025-21887/ SUSE CVE CVE-2025-21887 page https://www.suse.com/security/cve/CVE-2025-21889/ SUSE CVE CVE-2025-21889 page https://www.suse.com/security/cve/CVE-2025-21894/ SUSE CVE CVE-2025-21894 page https://www.suse.com/security/cve/CVE-2025-21895/ SUSE CVE CVE-2025-21895 page https://www.suse.com/security/cve/CVE-2025-21904/ SUSE CVE CVE-2025-21904 page https://www.suse.com/security/cve/CVE-2025-21905/ SUSE CVE CVE-2025-21905 page https://www.suse.com/security/cve/CVE-2025-21906/ SUSE CVE CVE-2025-21906 page https://www.suse.com/security/cve/CVE-2025-21908/ SUSE CVE CVE-2025-21908 page https://www.suse.com/security/cve/CVE-2025-21909/ SUSE CVE CVE-2025-21909 page https://www.suse.com/security/cve/CVE-2025-21910/ SUSE CVE CVE-2025-21910 page https://www.suse.com/security/cve/CVE-2025-21912/ SUSE CVE CVE-2025-21912 page https://www.suse.com/security/cve/CVE-2025-21913/ SUSE CVE CVE-2025-21913 page https://www.suse.com/security/cve/CVE-2025-21914/ SUSE CVE CVE-2025-21914 page https://www.suse.com/security/cve/CVE-2025-21915/ SUSE CVE CVE-2025-21915 page https://www.suse.com/security/cve/CVE-2025-21916/ SUSE CVE CVE-2025-21916 page https://www.suse.com/security/cve/CVE-2025-21917/ SUSE CVE CVE-2025-21917 page https://www.suse.com/security/cve/CVE-2025-21918/ SUSE CVE CVE-2025-21918 page https://www.suse.com/security/cve/CVE-2025-21919/ SUSE CVE CVE-2025-21919 page https://www.suse.com/security/cve/CVE-2025-21922/ SUSE CVE CVE-2025-21922 page https://www.suse.com/security/cve/CVE-2025-21923/ SUSE CVE CVE-2025-21923 page https://www.suse.com/security/cve/CVE-2025-21924/ SUSE CVE CVE-2025-21924 page https://www.suse.com/security/cve/CVE-2025-21925/ SUSE CVE CVE-2025-21925 page https://www.suse.com/security/cve/CVE-2025-21926/ SUSE CVE CVE-2025-21926 page https://www.suse.com/security/cve/CVE-2025-21927/ SUSE CVE CVE-2025-21927 page https://www.suse.com/security/cve/CVE-2025-21928/ SUSE CVE CVE-2025-21928 page https://www.suse.com/security/cve/CVE-2025-21930/ SUSE CVE CVE-2025-21930 page https://www.suse.com/security/cve/CVE-2025-21931/ SUSE CVE CVE-2025-21931 page https://www.suse.com/security/cve/CVE-2025-21934/ SUSE CVE CVE-2025-21934 page https://www.suse.com/security/cve/CVE-2025-21935/ SUSE CVE CVE-2025-21935 page https://www.suse.com/security/cve/CVE-2025-21936/ SUSE CVE CVE-2025-21936 page https://www.suse.com/security/cve/CVE-2025-21937/ SUSE CVE CVE-2025-21937 page https://www.suse.com/security/cve/CVE-2025-21941/ SUSE CVE CVE-2025-21941 page https://www.suse.com/security/cve/CVE-2025-21943/ SUSE CVE CVE-2025-21943 page https://www.suse.com/security/cve/CVE-2025-21948/ SUSE CVE CVE-2025-21948 page https://www.suse.com/security/cve/CVE-2025-21950/ SUSE CVE CVE-2025-21950 page https://www.suse.com/security/cve/CVE-2025-21951/ SUSE CVE CVE-2025-21951 page https://www.suse.com/security/cve/CVE-2025-21953/ SUSE CVE CVE-2025-21953 page https://www.suse.com/security/cve/CVE-2025-21956/ SUSE CVE CVE-2025-21956 page https://www.suse.com/security/cve/CVE-2025-21957/ SUSE CVE CVE-2025-21957 page https://www.suse.com/security/cve/CVE-2025-21960/ SUSE CVE CVE-2025-21960 page https://www.suse.com/security/cve/CVE-2025-21961/ SUSE CVE CVE-2025-21961 page https://www.suse.com/security/cve/CVE-2025-21962/ SUSE CVE CVE-2025-21962 page https://www.suse.com/security/cve/CVE-2025-21963/ SUSE CVE CVE-2025-21963 page https://www.suse.com/security/cve/CVE-2025-21964/ SUSE CVE CVE-2025-21964 page https://www.suse.com/security/cve/CVE-2025-21966/ SUSE CVE CVE-2025-21966 page https://www.suse.com/security/cve/CVE-2025-21968/ SUSE CVE CVE-2025-21968 page https://www.suse.com/security/cve/CVE-2025-21969/ SUSE CVE CVE-2025-21969 page https://www.suse.com/security/cve/CVE-2025-21970/ SUSE CVE CVE-2025-21970 page https://www.suse.com/security/cve/CVE-2025-21971/ SUSE CVE CVE-2025-21971 page https://www.suse.com/security/cve/CVE-2025-21972/ SUSE CVE CVE-2025-21972 page https://www.suse.com/security/cve/CVE-2025-21975/ SUSE CVE CVE-2025-21975 page https://www.suse.com/security/cve/CVE-2025-21978/ SUSE CVE CVE-2025-21978 page https://www.suse.com/security/cve/CVE-2025-21979/ SUSE CVE CVE-2025-21979 page https://www.suse.com/security/cve/CVE-2025-21980/ SUSE CVE CVE-2025-21980 page https://www.suse.com/security/cve/CVE-2025-21981/ SUSE CVE CVE-2025-21981 page https://www.suse.com/security/cve/CVE-2025-21985/ SUSE CVE CVE-2025-21985 page https://www.suse.com/security/cve/CVE-2025-21991/ SUSE CVE CVE-2025-21991 page https://www.suse.com/security/cve/CVE-2025-21992/ SUSE CVE CVE-2025-21992 page https://www.suse.com/security/cve/CVE-2025-21993/ SUSE CVE CVE-2025-21993 page https://www.suse.com/security/cve/CVE-2025-21995/ SUSE CVE CVE-2025-21995 page https://www.suse.com/security/cve/CVE-2025-21996/ SUSE CVE CVE-2025-21996 page https://www.suse.com/security/cve/CVE-2025-21999/ SUSE CVE CVE-2025-21999 page https://www.suse.com/security/cve/CVE-2025-22001/ SUSE CVE CVE-2025-22001 page https://www.suse.com/security/cve/CVE-2025-22003/ SUSE CVE CVE-2025-22003 page https://www.suse.com/security/cve/CVE-2025-22004/ SUSE CVE CVE-2025-22004 page https://www.suse.com/security/cve/CVE-2025-22005/ SUSE CVE CVE-2025-22005 page https://www.suse.com/security/cve/CVE-2025-22007/ SUSE CVE CVE-2025-22007 page https://www.suse.com/security/cve/CVE-2025-22008/ SUSE CVE CVE-2025-22008 page https://www.suse.com/security/cve/CVE-2025-22009/ SUSE CVE CVE-2025-22009 page https://www.suse.com/security/cve/CVE-2025-22010/ SUSE CVE CVE-2025-22010 page https://www.suse.com/security/cve/CVE-2025-22013/ SUSE CVE CVE-2025-22013 page https://www.suse.com/security/cve/CVE-2025-22014/ SUSE CVE CVE-2025-22014 page https://www.suse.com/security/cve/CVE-2025-22015/ SUSE CVE CVE-2025-22015 page https://www.suse.com/security/cve/CVE-2025-22016/ SUSE CVE CVE-2025-22016 page https://www.suse.com/security/cve/CVE-2025-22017/ SUSE CVE CVE-2025-22017 page https://www.suse.com/security/cve/CVE-2025-22018/ SUSE CVE CVE-2025-22018 page https://www.suse.com/security/cve/CVE-2025-22020/ SUSE CVE CVE-2025-22020 page https://www.suse.com/security/cve/CVE-2025-22021/ SUSE CVE CVE-2025-22021 page https://www.suse.com/security/cve/CVE-2025-22025/ SUSE CVE CVE-2025-22025 page https://www.suse.com/security/cve/CVE-2025-22027/ SUSE CVE CVE-2025-22027 page https://www.suse.com/security/cve/CVE-2025-22029/ SUSE CVE CVE-2025-22029 page https://www.suse.com/security/cve/CVE-2025-22030/ SUSE CVE CVE-2025-22030 page https://www.suse.com/security/cve/CVE-2025-22033/ SUSE CVE CVE-2025-22033 page https://www.suse.com/security/cve/CVE-2025-22036/ SUSE CVE CVE-2025-22036 page https://www.suse.com/security/cve/CVE-2025-22044/ SUSE CVE CVE-2025-22044 page https://www.suse.com/security/cve/CVE-2025-22045/ SUSE CVE CVE-2025-22045 page https://www.suse.com/security/cve/CVE-2025-22050/ SUSE CVE CVE-2025-22050 page https://www.suse.com/security/cve/CVE-2025-22053/ SUSE CVE CVE-2025-22053 page https://www.suse.com/security/cve/CVE-2025-22055/ SUSE CVE CVE-2025-22055 page https://www.suse.com/security/cve/CVE-2025-22056/ SUSE CVE CVE-2025-22056 page https://www.suse.com/security/cve/CVE-2025-22057/ SUSE CVE CVE-2025-22057 page https://www.suse.com/security/cve/CVE-2025-22058/ SUSE CVE CVE-2025-22058 page https://www.suse.com/security/cve/CVE-2025-22060/ SUSE CVE CVE-2025-22060 page https://www.suse.com/security/cve/CVE-2025-22062/ SUSE CVE CVE-2025-22062 page https://www.suse.com/security/cve/CVE-2025-22063/ SUSE CVE CVE-2025-22063 page https://www.suse.com/security/cve/CVE-2025-22064/ SUSE CVE CVE-2025-22064 page https://www.suse.com/security/cve/CVE-2025-22065/ SUSE CVE CVE-2025-22065 page https://www.suse.com/security/cve/CVE-2025-22066/ SUSE CVE CVE-2025-22066 page https://www.suse.com/security/cve/CVE-2025-22070/ SUSE CVE CVE-2025-22070 page https://www.suse.com/security/cve/CVE-2025-22075/ SUSE CVE CVE-2025-22075 page https://www.suse.com/security/cve/CVE-2025-22080/ SUSE CVE CVE-2025-22080 page https://www.suse.com/security/cve/CVE-2025-22086/ SUSE CVE CVE-2025-22086 page https://www.suse.com/security/cve/CVE-2025-22088/ SUSE CVE CVE-2025-22088 page https://www.suse.com/security/cve/CVE-2025-22089/ SUSE CVE CVE-2025-22089 page https://www.suse.com/security/cve/CVE-2025-22090/ SUSE CVE CVE-2025-22090 page https://www.suse.com/security/cve/CVE-2025-22093/ SUSE CVE CVE-2025-22093 page https://www.suse.com/security/cve/CVE-2025-22095/ SUSE CVE CVE-2025-22095 page https://www.suse.com/security/cve/CVE-2025-22097/ SUSE CVE CVE-2025-22097 page https://www.suse.com/security/cve/CVE-2025-22102/ SUSE CVE CVE-2025-22102 page https://www.suse.com/security/cve/CVE-2025-22103/ SUSE CVE CVE-2025-22103 page https://www.suse.com/security/cve/CVE-2025-22104/ SUSE CVE CVE-2025-22104 page https://www.suse.com/security/cve/CVE-2025-22105/ SUSE CVE CVE-2025-22105 page https://www.suse.com/security/cve/CVE-2025-22106/ SUSE CVE CVE-2025-22106 page https://www.suse.com/security/cve/CVE-2025-22107/ SUSE CVE CVE-2025-22107 page https://www.suse.com/security/cve/CVE-2025-22108/ SUSE CVE CVE-2025-22108 page https://www.suse.com/security/cve/CVE-2025-22109/ SUSE CVE CVE-2025-22109 page https://www.suse.com/security/cve/CVE-2025-22115/ SUSE CVE CVE-2025-22115 page https://www.suse.com/security/cve/CVE-2025-22116/ SUSE CVE CVE-2025-22116 page https://www.suse.com/security/cve/CVE-2025-22119/ SUSE CVE CVE-2025-22119 page https://www.suse.com/security/cve/CVE-2025-22121/ SUSE CVE CVE-2025-22121 page https://www.suse.com/security/cve/CVE-2025-22124/ SUSE CVE CVE-2025-22124 page https://www.suse.com/security/cve/CVE-2025-22125/ SUSE CVE CVE-2025-22125 page https://www.suse.com/security/cve/CVE-2025-22126/ SUSE CVE CVE-2025-22126 page https://www.suse.com/security/cve/CVE-2025-22128/ SUSE CVE CVE-2025-22128 page https://www.suse.com/security/cve/CVE-2025-2312/ SUSE CVE CVE-2025-2312 page https://www.suse.com/security/cve/CVE-2025-23129/ SUSE CVE CVE-2025-23129 page https://www.suse.com/security/cve/CVE-2025-23131/ SUSE CVE CVE-2025-23131 page https://www.suse.com/security/cve/CVE-2025-23133/ SUSE CVE CVE-2025-23133 page https://www.suse.com/security/cve/CVE-2025-23136/ SUSE CVE CVE-2025-23136 page https://www.suse.com/security/cve/CVE-2025-23138/ SUSE CVE CVE-2025-23138 page https://www.suse.com/security/cve/CVE-2025-23140/ SUSE CVE CVE-2025-23140 page https://www.suse.com/security/cve/CVE-2025-23141/ SUSE CVE CVE-2025-23141 page https://www.suse.com/security/cve/CVE-2025-23142/ SUSE CVE CVE-2025-23142 page https://www.suse.com/security/cve/CVE-2025-23144/ SUSE CVE CVE-2025-23144 page https://www.suse.com/security/cve/CVE-2025-23145/ SUSE CVE CVE-2025-23145 page https://www.suse.com/security/cve/CVE-2025-23146/ SUSE CVE CVE-2025-23146 page https://www.suse.com/security/cve/CVE-2025-23147/ SUSE CVE CVE-2025-23147 page https://www.suse.com/security/cve/CVE-2025-23148/ SUSE CVE CVE-2025-23148 page https://www.suse.com/security/cve/CVE-2025-23149/ SUSE CVE CVE-2025-23149 page https://www.suse.com/security/cve/CVE-2025-23150/ SUSE CVE CVE-2025-23150 page https://www.suse.com/security/cve/CVE-2025-23151/ SUSE CVE CVE-2025-23151 page https://www.suse.com/security/cve/CVE-2025-23156/ SUSE CVE CVE-2025-23156 page https://www.suse.com/security/cve/CVE-2025-23157/ SUSE CVE CVE-2025-23157 page https://www.suse.com/security/cve/CVE-2025-23158/ SUSE CVE CVE-2025-23158 page https://www.suse.com/security/cve/CVE-2025-23159/ SUSE CVE CVE-2025-23159 page https://www.suse.com/security/cve/CVE-2025-23160/ SUSE CVE CVE-2025-23160 page https://www.suse.com/security/cve/CVE-2025-23161/ SUSE CVE CVE-2025-23161 page https://www.suse.com/security/cve/CVE-2025-37740/ SUSE CVE CVE-2025-37740 page https://www.suse.com/security/cve/CVE-2025-37741/ SUSE CVE CVE-2025-37741 page https://www.suse.com/security/cve/CVE-2025-37742/ SUSE CVE CVE-2025-37742 page https://www.suse.com/security/cve/CVE-2025-37747/ SUSE CVE CVE-2025-37747 page https://www.suse.com/security/cve/CVE-2025-37748/ SUSE CVE CVE-2025-37748 page https://www.suse.com/security/cve/CVE-2025-37749/ SUSE CVE CVE-2025-37749 page https://www.suse.com/security/cve/CVE-2025-37750/ SUSE CVE CVE-2025-37750 page https://www.suse.com/security/cve/CVE-2025-37754/ SUSE CVE CVE-2025-37754 page https://www.suse.com/security/cve/CVE-2025-37755/ SUSE CVE CVE-2025-37755 page https://www.suse.com/security/cve/CVE-2025-37758/ SUSE CVE CVE-2025-37758 page https://www.suse.com/security/cve/CVE-2025-37765/ SUSE CVE CVE-2025-37765 page https://www.suse.com/security/cve/CVE-2025-37766/ SUSE CVE CVE-2025-37766 page https://www.suse.com/security/cve/CVE-2025-37767/ SUSE CVE CVE-2025-37767 page https://www.suse.com/security/cve/CVE-2025-37768/ SUSE CVE CVE-2025-37768 page https://www.suse.com/security/cve/CVE-2025-37769/ SUSE CVE CVE-2025-37769 page https://www.suse.com/security/cve/CVE-2025-37770/ SUSE CVE CVE-2025-37770 page https://www.suse.com/security/cve/CVE-2025-37771/ SUSE CVE CVE-2025-37771 page https://www.suse.com/security/cve/CVE-2025-37772/ SUSE CVE CVE-2025-37772 page https://www.suse.com/security/cve/CVE-2025-37773/ SUSE CVE CVE-2025-37773 page https://www.suse.com/security/cve/CVE-2025-37780/ SUSE CVE CVE-2025-37780 page https://www.suse.com/security/cve/CVE-2025-37781/ SUSE CVE CVE-2025-37781 page https://www.suse.com/security/cve/CVE-2025-37782/ SUSE CVE CVE-2025-37782 page https://www.suse.com/security/cve/CVE-2025-37785/ SUSE CVE CVE-2025-37785 page https://www.suse.com/security/cve/CVE-2025-37787/ SUSE CVE CVE-2025-37787 page https://www.suse.com/security/cve/CVE-2025-37788/ SUSE CVE CVE-2025-37788 page https://www.suse.com/security/cve/CVE-2025-37789/ SUSE CVE CVE-2025-37789 page https://www.suse.com/security/cve/CVE-2025-37790/ SUSE CVE CVE-2025-37790 page https://www.suse.com/security/cve/CVE-2025-37792/ SUSE CVE CVE-2025-37792 page https://www.suse.com/security/cve/CVE-2025-37793/ SUSE CVE CVE-2025-37793 page https://www.suse.com/security/cve/CVE-2025-37794/ SUSE CVE CVE-2025-37794 page https://www.suse.com/security/cve/CVE-2025-37796/ SUSE CVE CVE-2025-37796 page https://www.suse.com/security/cve/CVE-2025-37797/ SUSE CVE CVE-2025-37797 page https://www.suse.com/security/cve/CVE-2025-37798/ SUSE CVE CVE-2025-37798 page https://www.suse.com/security/cve/CVE-2025-37799/ SUSE CVE CVE-2025-37799 page https://www.suse.com/security/cve/CVE-2025-37803/ SUSE CVE CVE-2025-37803 page https://www.suse.com/security/cve/CVE-2025-37804/ SUSE CVE CVE-2025-37804 page https://www.suse.com/security/cve/CVE-2025-37805/ SUSE CVE CVE-2025-37805 page https://www.suse.com/security/cve/CVE-2025-37809/ SUSE CVE CVE-2025-37809 page https://www.suse.com/security/cve/CVE-2025-37810/ SUSE CVE CVE-2025-37810 page https://www.suse.com/security/cve/CVE-2025-37812/ SUSE CVE CVE-2025-37812 page https://www.suse.com/security/cve/CVE-2025-37815/ SUSE CVE CVE-2025-37815 page https://www.suse.com/security/cve/CVE-2025-37819/ SUSE CVE CVE-2025-37819 page https://www.suse.com/security/cve/CVE-2025-37820/ SUSE CVE CVE-2025-37820 page https://www.suse.com/security/cve/CVE-2025-37823/ SUSE CVE CVE-2025-37823 page https://www.suse.com/security/cve/CVE-2025-37824/ SUSE CVE CVE-2025-37824 page https://www.suse.com/security/cve/CVE-2025-37829/ SUSE CVE CVE-2025-37829 page https://www.suse.com/security/cve/CVE-2025-37830/ SUSE CVE CVE-2025-37830 page https://www.suse.com/security/cve/CVE-2025-37831/ SUSE CVE CVE-2025-37831 page https://www.suse.com/security/cve/CVE-2025-37833/ SUSE CVE CVE-2025-37833 page https://www.suse.com/security/cve/CVE-2025-37836/ SUSE CVE CVE-2025-37836 page https://www.suse.com/security/cve/CVE-2025-37839/ SUSE CVE CVE-2025-37839 page https://www.suse.com/security/cve/CVE-2025-37840/ SUSE CVE CVE-2025-37840 page https://www.suse.com/security/cve/CVE-2025-37841/ SUSE CVE CVE-2025-37841 page https://www.suse.com/security/cve/CVE-2025-37842/ SUSE CVE CVE-2025-37842 page https://www.suse.com/security/cve/CVE-2025-37849/ SUSE CVE CVE-2025-37849 page https://www.suse.com/security/cve/CVE-2025-37850/ SUSE CVE CVE-2025-37850 page https://www.suse.com/security/cve/CVE-2025-37851/ SUSE CVE CVE-2025-37851 page https://www.suse.com/security/cve/CVE-2025-37852/ SUSE CVE CVE-2025-37852 page https://www.suse.com/security/cve/CVE-2025-37853/ SUSE CVE CVE-2025-37853 page https://www.suse.com/security/cve/CVE-2025-37854/ SUSE CVE CVE-2025-37854 page https://www.suse.com/security/cve/CVE-2025-37858/ SUSE CVE CVE-2025-37858 page https://www.suse.com/security/cve/CVE-2025-37860/ SUSE CVE CVE-2025-37860 page https://www.suse.com/security/cve/CVE-2025-37867/ SUSE CVE CVE-2025-37867 page https://www.suse.com/security/cve/CVE-2025-37870/ SUSE CVE CVE-2025-37870 page https://www.suse.com/security/cve/CVE-2025-37871/ SUSE CVE CVE-2025-37871 page https://www.suse.com/security/cve/CVE-2025-37873/ SUSE CVE CVE-2025-37873 page https://www.suse.com/security/cve/CVE-2025-37875/ SUSE CVE CVE-2025-37875 page https://www.suse.com/security/cve/CVE-2025-37879/ SUSE CVE CVE-2025-37879 page https://www.suse.com/security/cve/CVE-2025-37881/ SUSE CVE CVE-2025-37881 page https://www.suse.com/security/cve/CVE-2025-37886/ SUSE CVE CVE-2025-37886 page https://www.suse.com/security/cve/CVE-2025-37887/ SUSE CVE CVE-2025-37887 page https://www.suse.com/security/cve/CVE-2025-37889/ SUSE CVE CVE-2025-37889 page https://www.suse.com/security/cve/CVE-2025-37890/ SUSE CVE CVE-2025-37890 page https://www.suse.com/security/cve/CVE-2025-37891/ SUSE CVE CVE-2025-37891 page https://www.suse.com/security/cve/CVE-2025-37892/ SUSE CVE CVE-2025-37892 page https://www.suse.com/security/cve/CVE-2025-37897/ SUSE CVE CVE-2025-37897 page https://www.suse.com/security/cve/CVE-2025-37900/ SUSE CVE CVE-2025-37900 page https://www.suse.com/security/cve/CVE-2025-37901/ SUSE CVE CVE-2025-37901 page https://www.suse.com/security/cve/CVE-2025-37903/ SUSE CVE CVE-2025-37903 page https://www.suse.com/security/cve/CVE-2025-37905/ SUSE CVE CVE-2025-37905 page https://www.suse.com/security/cve/CVE-2025-37911/ SUSE CVE CVE-2025-37911 page https://www.suse.com/security/cve/CVE-2025-37912/ SUSE CVE CVE-2025-37912 page https://www.suse.com/security/cve/CVE-2025-37913/ SUSE CVE CVE-2025-37913 page https://www.suse.com/security/cve/CVE-2025-37914/ SUSE CVE CVE-2025-37914 page https://www.suse.com/security/cve/CVE-2025-37915/ SUSE CVE CVE-2025-37915 page https://www.suse.com/security/cve/CVE-2025-37918/ SUSE CVE CVE-2025-37918 page https://www.suse.com/security/cve/CVE-2025-37925/ SUSE CVE CVE-2025-37925 page https://www.suse.com/security/cve/CVE-2025-37928/ SUSE CVE CVE-2025-37928 page https://www.suse.com/security/cve/CVE-2025-37929/ SUSE CVE CVE-2025-37929 page https://www.suse.com/security/cve/CVE-2025-37930/ SUSE CVE CVE-2025-37930 page https://www.suse.com/security/cve/CVE-2025-37931/ SUSE CVE CVE-2025-37931 page https://www.suse.com/security/cve/CVE-2025-37932/ SUSE CVE CVE-2025-37932 page https://www.suse.com/security/cve/CVE-2025-37937/ SUSE CVE CVE-2025-37937 page https://www.suse.com/security/cve/CVE-2025-37943/ SUSE CVE CVE-2025-37943 page https://www.suse.com/security/cve/CVE-2025-37944/ SUSE CVE CVE-2025-37944 page https://www.suse.com/security/cve/CVE-2025-37948/ SUSE CVE CVE-2025-37948 page https://www.suse.com/security/cve/CVE-2025-37949/ SUSE CVE CVE-2025-37949 page https://www.suse.com/security/cve/CVE-2025-37951/ SUSE CVE CVE-2025-37951 page https://www.suse.com/security/cve/CVE-2025-37953/ SUSE CVE CVE-2025-37953 page https://www.suse.com/security/cve/CVE-2025-37954/ SUSE CVE CVE-2025-37954 page https://www.suse.com/security/cve/CVE-2025-37957/ SUSE CVE CVE-2025-37957 page https://www.suse.com/security/cve/CVE-2025-37958/ SUSE CVE CVE-2025-37958 page https://www.suse.com/security/cve/CVE-2025-37959/ SUSE CVE CVE-2025-37959 page https://www.suse.com/security/cve/CVE-2025-37960/ SUSE CVE CVE-2025-37960 page https://www.suse.com/security/cve/CVE-2025-37963/ SUSE CVE CVE-2025-37963 page https://www.suse.com/security/cve/CVE-2025-37969/ SUSE CVE CVE-2025-37969 page https://www.suse.com/security/cve/CVE-2025-37970/ SUSE CVE CVE-2025-37970 page https://www.suse.com/security/cve/CVE-2025-37972/ SUSE CVE CVE-2025-37972 page https://www.suse.com/security/cve/CVE-2025-37974/ SUSE CVE CVE-2025-37974 page https://www.suse.com/security/cve/CVE-2025-37978/ SUSE CVE CVE-2025-37978 page https://www.suse.com/security/cve/CVE-2025-37979/ SUSE CVE CVE-2025-37979 page https://www.suse.com/security/cve/CVE-2025-37980/ SUSE CVE CVE-2025-37980 page https://www.suse.com/security/cve/CVE-2025-37982/ SUSE CVE CVE-2025-37982 page https://www.suse.com/security/cve/CVE-2025-37983/ SUSE CVE CVE-2025-37983 page https://www.suse.com/security/cve/CVE-2025-37985/ SUSE CVE CVE-2025-37985 page https://www.suse.com/security/cve/CVE-2025-37986/ SUSE CVE CVE-2025-37986 page https://www.suse.com/security/cve/CVE-2025-37989/ SUSE CVE CVE-2025-37989 page https://www.suse.com/security/cve/CVE-2025-37990/ SUSE CVE CVE-2025-37990 page https://www.suse.com/security/cve/CVE-2025-38104/ SUSE CVE CVE-2025-38104 page https://www.suse.com/security/cve/CVE-2025-38152/ SUSE CVE CVE-2025-38152 page https://www.suse.com/security/cve/CVE-2025-38240/ SUSE CVE CVE-2025-38240 page https://www.suse.com/security/cve/CVE-2025-38637/ SUSE CVE CVE-2025-38637 page https://www.suse.com/security/cve/CVE-2025-39728/ SUSE CVE CVE-2025-39728 page https://www.suse.com/security/cve/CVE-2025-39735/ SUSE CVE CVE-2025-39735 page https://www.suse.com/security/cve/CVE-2025-40014/ SUSE CVE CVE-2025-40014 page https://www.suse.com/security/cve/CVE-2025-40325/ SUSE CVE CVE-2025-40325 page SUSE Linux Enterprise Live Patching 15 SP6 SUSE Real Time Module 15 SP6 openSUSE Leap 15.6 cluster-md-kmp-rt-6.4.0-150600.10.39.1 dlm-kmp-rt-6.4.0-150600.10.39.1 gfs2-kmp-rt-6.4.0-150600.10.39.1 kernel-devel-rt-6.4.0-150600.10.39.1 kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 kernel-rt-6.4.0-150600.10.39.1 kernel-rt-devel-6.4.0-150600.10.39.1 kernel-rt-extra-6.4.0-150600.10.39.1 kernel-rt-livepatch-6.4.0-150600.10.39.1 kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 kernel-rt-optional-6.4.0-150600.10.39.1 kernel-rt-vdso-6.4.0-150600.10.39.1 kernel-rt_debug-6.4.0-150600.10.39.1 kernel-rt_debug-devel-6.4.0-150600.10.39.1 kernel-rt_debug-vdso-6.4.0-150600.10.39.1 kernel-source-rt-6.4.0-150600.10.39.1 kernel-syms-rt-6.4.0-150600.10.39.1 kselftests-kmp-rt-6.4.0-150600.10.39.1 ocfs2-kmp-rt-6.4.0-150600.10.39.1 reiserfs-kmp-rt-6.4.0-150600.10.39.1 kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 as a component of SUSE Linux Enterprise Live Patching 15 SP6 cluster-md-kmp-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 dlm-kmp-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 gfs2-kmp-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-devel-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-rt-devel-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-rt_debug-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-rt_debug-devel-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-source-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 kernel-syms-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 ocfs2-kmp-rt-6.4.0-150600.10.39.1 as a component of SUSE Real Time Module 15 SP6 cluster-md-kmp-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 dlm-kmp-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 gfs2-kmp-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-devel-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt-devel-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt-extra-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt-optional-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt-vdso-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt_debug-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt_debug-devel-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-rt_debug-vdso-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-source-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kernel-syms-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 kselftests-kmp-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 ocfs2-kmp-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 reiserfs-kmp-rt-6.4.0-150600.10.39.1 as a component of openSUSE Leap 15.6 In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT. CVE-2023-53034 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2023-53034.html CVE-2023-53034 https://bugzilla.suse.com/1241341 SUSE Bug 1241341 In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach dw2102_i2c_transfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 950e252cb469 ("[media] dw2102: limit messages to buffer size") CVE-2023-53146 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2023-53146.html CVE-2023-53146 https://bugzilla.suse.com/1220112 SUSE Bug 1220112 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path. This patch adds a workaround to reset conntrack for these packets. Jianbo Liu reports warning splats in their test infrastructure where cloned packets reach the br_netfilter input hook to confirm the conntrack object. Scratch one bit from BR_INPUT_SKB_CB to annotate that this packet has reached the input hook because it is passed up to the bridge device to reach the taps. [ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core [ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19 [ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1 [ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202 [ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000 [ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000 [ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003 [ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000 [ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800 [ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000 [ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0 [ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 57.585440] Call Trace: [ 57.585721] <IRQ> [ 57.585976] ? __warn+0x7d/0x130 [ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.586811] ? report_bug+0xf1/0x1c0 [ 57.587177] ? handle_bug+0x3f/0x70 [ 57.587539] ? exc_invalid_op+0x13/0x60 [ 57.587929] ? asm_exc_invalid_op+0x16/0x20 [ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter] [ 57.588825] nf_hook_slow+0x3d/0xd0 [ 57.589188] ? br_handle_vlan+0x4b/0x110 [ 57.589579] br_pass_frame_up+0xfc/0x150 [ 57.589970] ? br_port_flags_change+0x40/0x40 [ 57.590396] br_handle_frame_finish+0x346/0x5e0 [ 57.590837] ? ipt_do_table+0x32e/0x430 [ 57.591221] ? br_handle_local_finish+0x20/0x20 [ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter] [ 57.592286] ? br_handle_local_finish+0x20/0x20 [ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter] [ 57.593348] ? br_handle_local_finish+0x20/0x20 [ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat] [ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter] [ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter] [ 57.595280] br_handle_frame+0x1f3/0x3d0 [ 57.595676] ? br_handle_local_finish+0x20/0x20 [ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0 [ 57.596566] __netif_receive_skb_core+0x25b/0xfc0 [ 57.597017] ? __napi_build_skb+0x37/0x40 [ 57.597418] __netif_receive_skb_list_core+0xfb/0x220 CVE-2024-27018 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-27018.html CVE-2024-27018 https://bugzilla.suse.com/1223809 SUSE Bug 1223809 In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prerouting. -> skb->_nfct now references a unconfirmed entry 2. skb is broad/mcast packet. bridge now passes clones out on each bridge interface. 3. skb gets passed up the stack. 4. In macvlan case, macvlan driver retains clone(s) of the mcast skb and schedules a work queue to send them out on the lower devices. The clone skb->_nfct is not a copy, it is the same entry as the original skb. The macvlan rx handler then returns RX_HANDLER_PASS. 5. Normal conntrack hooks (in NF_INET_LOCAL_IN) confirm the orig skb. The Macvlan broadcast worker and normal confirm path will race. This race will not happen if step 2 already confirmed a clone. In that case later steps perform skb_clone() with skb->_nfct already confirmed (in hash table). This works fine. But such confirmation won't happen when eb/ip/nftables rules dropped the packets before they reached the nf_confirm step in postrouting. Pablo points out that nf_conntrack_bridge doesn't allow use of stateful nat, so we can safely discard the nf_conn entry and let inet call conntrack again. This doesn't work for bridge netfilter: skb could have a nat transformation. Also bridge nf prevents re-invocation of inet prerouting via 'sabotage_in' hook. Work around this problem by explicit confirmation of the entry at LOCAL_IN time, before upper layer has a chance to clone the unconfirmed entry. The downside is that this disables NAT and conntrack helpers. Alternative fix would be to add locking to all code parts that deal with unconfirmed packets, but even if that could be done in a sane way this opens up other problems, for example: -m physdev --physdev-out eth0 -j SNAT --snat-to 1.2.3.4 -m physdev --physdev-out eth1 -j SNAT --snat-to 1.2.3.5 For multicast case, only one of such conflicting mappings will be created, conntrack only handles 1:1 NAT mappings. Users should set create a setup that explicitly marks such traffic NOTRACK (conntrack bypass) to avoid this, but we cannot auto-bypass them, ruleset might have accept rules for untracked traffic already, so user-visible behaviour would change. CVE-2024-27415 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-27415.html CVE-2024-27415 https://bugzilla.suse.com/1224757 SUSE Bug 1224757 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2024-28956 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-28956.html CVE-2024-28956 https://bugzilla.suse.com/1242006 SUSE Bug 1242006 In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option() CVE-2024-35840 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-35840.html CVE-2024-35840 https://bugzilla.suse.com/1224597 SUSE Bug 1224597 In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked event, such as in the following scenario that doesn't even require a weak IRQ work implementation to trigger: schedule() prepare_task_switch() =======> <NMI> perf_event_overflow() event->pending_sigtrap = ... irq_work_queue(&event->pending_irq) <======= </NMI> perf_event_task_sched_out() event_sched_out() event->pending_sigtrap = 0; atomic_long_inc_not_zero(&event->refcount) task_work_add(&event->pending_task) finish_lock_switch() =======> <IRQ> perf_pending_irq() //do nothing, rely on pending task work <======= </IRQ> begin_new_exec() perf_event_exit_task() perf_event_exit_event() // If is child event free_event() WARN(atomic_long_cmpxchg(&event->refcount, 1, 0) != 1) // event is leaked Similar scenarios can also happen with perf_event_remove_on_exec() or simply against concurrent perf_event_release(). Fix this with synchonizing against the possibly remaining pending task work while freeing the event, just like is done with remaining pending IRQ work. This means that the pending task callback neither need nor should hold a reference to the event, preventing it from ever beeing freed. CVE-2024-43869 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-43869.html CVE-2024-43869 https://bugzilla.suse.com/1229491 SUSE Bug 1229491 In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch. CVE-2024-46713 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-46713.html CVE-2024-46713 https://bugzilla.suse.com/1230581 SUSE Bug 1230581 In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou_release() is called due to netns dismantle or explicit tunnel teardown, udp_tunnel_sock_release() sets NULL to sk->sk_user_data. Then, the tunnel socket is destroyed after a single RCU grace period. So, in-flight udp4_gro_receive() could find the socket and execute the FOU GRO handler, where sk->sk_user_data could be NULL. Let's use rcu_dereference_sk_user_data() in fou_from_sock() and add NULL checks in FOU GRO handlers. [0]: BUG: kernel NULL pointer dereference, address: 0000000000000008 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 80000001032f4067 P4D 80000001032f4067 PUD 103240067 PMD 0 SMP PTI CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.10.216-204.855.amzn2.x86_64 #1 Hardware name: Amazon EC2 c5.large/, BIOS 1.0 10/16/2017 RIP: 0010:fou_gro_receive (net/ipv4/fou.c:233) [fou] Code: 41 5f c3 cc cc cc cc e8 e7 2e 69 f4 0f 1f 80 00 00 00 00 0f 1f 44 00 00 49 89 f8 41 54 48 89 f7 48 89 d6 49 8b 80 88 02 00 00 <0f> b6 48 08 0f b7 42 4a 66 25 fd fd 80 cc 02 66 89 42 4a 0f b6 42 RSP: 0018:ffffa330c0003d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff93d9e3a6b900 RCX: 0000000000000010 RDX: ffff93d9e3a6b900 RSI: ffff93d9e3a6b900 RDI: ffff93dac2e24d08 RBP: ffff93d9e3a6b900 R08: ffff93dacbce6400 R09: 0000000000000002 R10: 0000000000000000 R11: ffffffffb5f369b0 R12: ffff93dacbce6400 R13: ffff93dac2e24d08 R14: 0000000000000000 R15: ffffffffb4edd1c0 FS: 0000000000000000(0000) GS:ffff93daee800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 0000000102140001 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? show_trace_log_lvl (arch/x86/kernel/dumpstack.c:259) ? __die_body.cold (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420) ? no_context (arch/x86/mm/fault.c:752) ? exc_page_fault (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 arch/x86/mm/fault.c:1435 arch/x86/mm/fault.c:1483) ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:571) ? fou_gro_receive (net/ipv4/fou.c:233) [fou] udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559) udp4_gro_receive (net/ipv4/udp_offload.c:604) inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7)) dev_gro_receive (net/core/dev.c:6035 (discriminator 4)) napi_gro_receive (net/core/dev.c:6170) ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena] ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena] napi_poll (net/core/dev.c:6847) net_rx_action (net/core/dev.c:6917) __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299) asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809) </IRQ> do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77) irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435) common_interrupt (arch/x86/kernel/irq.c:239) asm_common_interrupt (arch/x86/include/asm/idtentry.h:626) RIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575) Code: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 RSP: 0018:ffffffffb5603e58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900 RDX: ffff93daee800000 RSI: ffff93d ---truncated--- CVE-2024-46763 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-46763.html CVE-2024-46763 https://bugzilla.suse.com/1230764 SUSE Bug 1230764 In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized. CVE-2024-46865 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-46865.html CVE-2024-46865 https://bugzilla.suse.com/1231103 SUSE Bug 1231103 In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTO_UNSPEC where needed syzbot managed to call xt_cluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780 [..] ebt_do_table+0x174b/0x2a40 Module registers to NFPROTO_UNSPEC, but it assumes ipv4/ipv6 packet processing. As this is only useful to restrict locally terminating TCP/UDP traffic, register this for ipv4 and ipv6 family only. Pablo points out that this is a general issue, direct users of the set/getsockopt interface can call into targets/matches that were only intended for use with ip(6)tables. Check all UNSPEC matches and targets for similar issues: - matches and targets are fine except if they assume skb_network_header() is valid -- this is only true when called from inet layer: ip(6) stack pulls the ip/ipv6 header into linear data area. - targets that return XT_CONTINUE or other xtables verdicts must be restricted too, they are incompatbile with the ebtables traverser, e.g. EBT_CONTINUE is a completely different value than XT_CONTINUE. Most matches/targets are changed to register for NFPROTO_IPV4/IPV6, as they are provided for use by ip(6)tables. The MARK target is also used by arptables, so register for NFPROTO_ARP too. While at it, bail out if connbytes fails to enable the corresponding conntrack family. This change passes the selftests in iptables.git. CVE-2024-50038 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-50038.html CVE-2024-50038 https://bugzilla.suse.com/1231910 SUSE Bug 1231910 In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5227 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Modules linked in: CPU: 0 UID: 0 PID: 5227 Comm: syz-executor350 Not tainted 6.11.0-syzkaller-08829-gaf9c191ac2a0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 net/mptcp/protocol.c:695 Code: 0f b6 dc 31 ff 89 de e8 b5 dd ea f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 98 da ea f5 90 <0f> 0b 90 e9 47 ff ff ff e8 8a da ea f5 90 0f 0b 90 e9 99 e0 ff ff RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 RAX: ffffffff8ba9df18 RBX: 00000000000055f0 RCX: ffff888030023c00 RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 RBP: 1ffff110062bf1ae R08: ffffffff8ba9cf12 R09: 1ffff110062bf1b8 R10: dffffc0000000000 R11: ffffed10062bf1b9 R12: 0000000000000000 R13: dffffc0000000000 R14: 00000000700cec61 R15: 00000000000081e5 FS: 000055556679c380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020287000 CR3: 0000000077892000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> move_skbs_to_msk net/mptcp/protocol.c:811 [inline] mptcp_data_ready+0x29c/0xa90 net/mptcp/protocol.c:854 subflow_data_ready+0x34a/0x920 net/mptcp/subflow.c:1490 tcp_data_queue+0x20fd/0x76c0 net/ipv4/tcp_input.c:5283 tcp_rcv_established+0xfba/0x2020 net/ipv4/tcp_input.c:6237 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2350 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5662 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5775 process_backlog+0x662/0x15b0 net/core/dev.c:6107 __napi_poll+0xcb/0x490 net/core/dev.c:6771 napi_poll net/core/dev.c:6840 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:6962 handle_softirqs+0x2c5/0x980 kernel/softirq.c:554 do_softirq+0x11b/0x1e0 kernel/softirq.c:455 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x1764/0x3e80 net/core/dev.c:4451 dev_queue_xmit include/linux/netdevice.h:3094 [inline] neigh_hh_output include/net/neighbour.h:526 [inline] neigh_output include/net/neighbour.h:540 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x118c/0x1b80 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2544/0x3b30 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_mtu_probe net/ipv4/tcp_output.c:2547 [inline] tcp_write_xmit+0x641d/0x6bf0 net/ipv4/tcp_output.c:2752 __tcp_push_pending_frames+0x9b/0x360 net/ipv4/tcp_output.c:3015 tcp_push_pending_frames include/net/tcp.h:2107 [inline] tcp_data_snd_check net/ipv4/tcp_input.c:5714 [inline] tcp_rcv_established+0x1026/0x2020 net/ipv4/tcp_input.c:6239 tcp_v4_do_rcv+0x96d/0xc70 net/ipv4/tcp_ipv4.c:1915 sk_backlog_rcv include/net/sock.h:1113 [inline] __release_sock+0x214/0x350 net/core/sock.c:3072 release_sock+0x61/0x1f0 net/core/sock.c:3626 mptcp_push_ ---truncated--- CVE-2024-50083 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-50083.html CVE-2024-50083 https://bugzilla.suse.com/1232493 SUSE Bug 1232493 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has expired and needs to be revoked so it marks the delegation stid revoked and it puts it on a reaper list but then it unlock the state lock and the actual delegation revocation happens without the lock. Once the stid is marked revoked a racing free_stateid processing thread does the following (1) it calls list_del_init() which removes it from the reaper list and (2) frees the delegation stid structure. The laundromat thread ends up not calling the revoke_delegation() function for this particular delegation but that means it will no release the lock lease that exists on the file. Now, a new open for this file comes in and ends up finding that lease list isn't empty and calls nfsd_breaker_owns_lease() which ends up trying to derefence a freed delegation stateid. Leading to the followint use-after-free KASAN warning: kernel: ================================================================== kernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205 kernel: kernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9 kernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024 kernel: Call trace: kernel: dump_backtrace+0x98/0x120 kernel: show_stack+0x1c/0x30 kernel: dump_stack_lvl+0x80/0xe8 kernel: print_address_description.constprop.0+0x84/0x390 kernel: print_report+0xa4/0x268 kernel: kasan_report+0xb4/0xf8 kernel: __asan_report_load8_noabort+0x1c/0x28 kernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd] kernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd] kernel: nfs4_get_vfs_file+0x634/0x958 [nfsd] kernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd] kernel: nfsd4_open+0xa08/0xe80 [nfsd] kernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd] kernel: nfsd_dispatch+0x22c/0x718 [nfsd] kernel: svc_process_common+0x8e8/0x1960 [sunrpc] kernel: svc_process+0x3d4/0x7e0 [sunrpc] kernel: svc_handle_xprt+0x828/0xe10 [sunrpc] kernel: svc_recv+0x2cc/0x6a8 [sunrpc] kernel: nfsd+0x270/0x400 [nfsd] kernel: kthread+0x288/0x310 kernel: ret_from_fork+0x10/0x20 This patch proposes a fixed that's based on adding 2 new additional stid's sc_status values that help coordinate between the laundromat and other operations (nfsd4_free_stateid() and nfsd4_delegreturn()). First to make sure, that once the stid is marked revoked, it is not removed by the nfsd4_free_stateid(), the laundromat take a reference on the stateid. Then, coordinating whether the stid has been put on the cl_revoked list or we are processing FREE_STATEID and need to make sure to remove it from the list, each check that state and act accordingly. If laundromat has added to the cl_revoke list before the arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove it from the list. If nfsd4_free_stateid() finds that operations arrived before laundromat has placed it on cl_revoke list, it marks the state freed and then laundromat will no longer add it to the list. Also, for nfsd4_delegreturn() when looking for the specified stid, we need to access stid that are marked removed or freeable, it means the laundromat has started processing it but hasn't finished and this delegreturn needs to return nfserr_deleg_revoked and not nfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the lack of it will leave this stid on the cl_revoked list indefinitely. CVE-2024-50106 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-50106.html CVE-2024-50106 https://bugzilla.suse.com/1232882 SUSE Bug 1232882 In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPF_MAP_TYPE_DEVMAP* does not have it set. This is particularly bad since accessing ingress_ifindex, e.g. SEC("xdp") int prog(struct xdp_md *pkt) { return bpf_redirect_map(&dev_redirect_map, 0, 0); } SEC("xdp/devmap") int prog_after_redirect(struct xdp_md *pkt) { bpf_printk("ifindex %i", pkt->ingress_ifindex); return XDP_PASS; } depends on access to rxq, so a NULL pointer gets dereferenced: <1>[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000 <1>[ 574.475188] #PF: supervisor read access in kernel mode <1>[ 574.475194] #PF: error_code(0x0000) - not-present page <6>[ 574.475199] PGD 0 P4D 0 <4>[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI <4>[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23 <4>[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023 <4>[ 574.475231] Workqueue: mld mld_ifc_work <4>[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c <4>[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 <48> 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b <4>[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206 <4>[ 574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000 <4>[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0 <4>[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001 <4>[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000 <4>[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000 <4>[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000 <4>[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0 <4>[ 574.475303] PKRU: 55555554 <4>[ 574.475306] Call Trace: <4>[ 574.475313] <IRQ> <4>[ 574.475318] ? __die+0x23/0x70 <4>[ 574.475329] ? page_fault_oops+0x180/0x4c0 <4>[ 574.475339] ? skb_pp_cow_data+0x34c/0x490 <4>[ 574.475346] ? kmem_cache_free+0x257/0x280 <4>[ 574.475357] ? exc_page_fault+0x67/0x150 <4>[ 574.475368] ? asm_exc_page_fault+0x26/0x30 <4>[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c <4>[ 574.475386] bq_xmit_all+0x158/0x420 <4>[ 574.475397] __dev_flush+0x30/0x90 <4>[ 574.475407] veth_poll+0x216/0x250 [veth] <4>[ 574.475421] __napi_poll+0x28/0x1c0 <4>[ 574.475430] net_rx_action+0x32d/0x3a0 <4>[ 574.475441] handle_softirqs+0xcb/0x2c0 <4>[ 574.475451] do_softirq+0x40/0x60 <4>[ 574.475458] </IRQ> <4>[ 574.475461] <TASK> <4>[ 574.475464] __local_bh_enable_ip+0x66/0x70 <4>[ 574.475471] __dev_queue_xmit+0x268/0xe40 <4>[ 574.475480] ? selinux_ip_postroute+0x213/0x420 <4>[ 574.475491] ? alloc_skb_with_frags+0x4a/0x1d0 <4>[ 574.475502] ip6_finish_output2+0x2be/0x640 <4>[ 574.475512] ? nf_hook_slow+0x42/0xf0 <4>[ 574.475521] ip6_finish_output+0x194/0x300 <4>[ 574.475529] ? __pfx_ip6_finish_output+0x10/0x10 <4>[ 574.475538] mld_sendpack+0x17c/0x240 <4>[ 574.475548] mld_ifc_work+0x192/0x410 <4>[ 574.475557] process_one_work+0x15d/0x380 <4>[ 574.475566] worker_thread+0x29d/0x3a0 <4>[ 574.475573] ? __pfx_worker_thread+0x10/0x10 <4>[ 574.475580] ? __pfx_worker_thread+0x10/0x10 <4>[ 574.475587] kthread+0xcd/0x100 <4>[ 574.475597] ? __pfx_kthread+0x10/0x10 <4>[ 574.475606] ret_from_fork+0x31/0x50 <4>[ 574.475615] ? __pfx_kthread+0x10/0x10 <4>[ 574.475623] ret_from_fork_asm+0x1a/0x ---truncated--- CVE-2024-50162 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-50162.html CVE-2024-50162 https://bugzilla.suse.com/1233075 SUSE Bug 1233075 In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that if skb bpf_redirect_neigh() is used with a non-NULL params argument and, subsequently, an XDP redirect is performed using the same bpf_redirect_info struct, the XDP path will get confused and end up crashing, which syzbot managed to trigger. With the stack-allocated bpf_redirect_info, the structure is no longer shared between the SKB and XDP paths, so the crash doesn't happen anymore. However, different code paths using identically-numbered flag values in the same struct field still seems like a bit of a mess, so this patch cleans that up by moving the flag definitions together and redefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap with the flags used for XDP. It also adds a BUILD_BUG_ON() check to make sure the overlap is not re-introduced by mistake. CVE-2024-50163 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-50163.html CVE-2024-50163 https://bugzilla.suse.com/1233098 SUSE Bug 1233098 In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is the backtrace: [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ...... [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se ...... [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--) [323676.067115] pc : vma_migratable+0x1c/0xd0 [323676.067122] lr : task_numa_work+0x1ec/0x4e0 [323676.067127] sp : ffff8000ada73d20 [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010 [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000 [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000 [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8 [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035 [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8 [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9 : ffff8000800f4ba4 [323676.067145] x8 : ffff000810375000 x7 : ffff8000ada73974 x6 : 0000000000000001 [323676.067147] x5 : 0068000b33e26707 x4 : 0000000000000001 x3 : ffff0009f7158000 [323676.067149] x2 : 0000000000000041 x1 : 0000000000004400 x0 : 0000000000000000 [323676.067152] Call trace: [323676.067153] vma_migratable+0x1c/0xd0 [323676.067155] task_numa_work+0x1ec/0x4e0 [323676.067157] task_work_run+0x78/0xd8 [323676.067161] do_notify_resume+0x1ec/0x290 [323676.067163] el0_svc+0x150/0x160 [323676.067167] el0t_64_sync_handler+0xf8/0x128 [323676.067170] el0t_64_sync+0x17c/0x180 [323676.067173] Code: d2888001 910003fd f9000bf3 aa0003f3 (f9401000) [323676.067177] SMP: stopping secondary CPUs [323676.070184] Starting crashdump kernel... stress-ng-vm-segv in stress-ng is used to stress test the SIGSEGV error handling function of the system, which tries to cause a SIGSEGV error on return from unmapping the whole address space of the child process. Normally this program will not cause kernel crashes. But before the munmap system call returns to user mode, a potential task_numa_work() for numa balancing could be added and executed. In this scenario, since the child process has no vma after munmap, the vma_next() in task_numa_work() will return a null pointer even if the vma iterator restarts from 0. Recheck the vma pointer before dereferencing it in task_numa_work(). CVE-2024-50223 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-50223.html CVE-2024-50223 https://bugzilla.suse.com/1233192 SUSE Bug 1233192 In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x1c5/0x1e0 __sk_destruct+0x2a/0x200 rcu_do_batch+0x1aa/0x530 ? rcu_do_batch+0x13b/0x530 rcu_core+0x159/0x2f0 handle_softirqs+0xd3/0x2b0 ? __pfx_smpboot_thread_fn+0x10/0x10 run_ksoftirqd+0x25/0x30 smpboot_thread_fn+0xdd/0x1d0 kthread+0xd3/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- Its possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) | (cpu 2) | sk_forward_alloc ... | ... | 0 __sk_mem_schedule() | | +4096 = 4096 | __sk_mem_schedule() | +4096 = 8192 sk_mem_charge() | | -768 = 7424 | sk_mem_charge() | -768 = 6656 ... | ... | sk_mem_uncharge() | | +768 = 7424 reclaimable=7424 | | | sk_mem_uncharge() | +768 = 8192 | reclaimable=8192 | __sk_mem_reclaim() | | -4096 = 4096 | __sk_mem_reclaim() | -8192 = -4096 != 0 The skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock(). Fix the same issue in dccp_v6_do_rcv(). CVE-2024-53124 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-53124.html CVE-2024-53124 https://bugzilla.suse.com/1234074 SUSE Bug 1234074 In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0. On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc. CVE-2024-53135 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-53135.html CVE-2024-53135 https://bugzilla.suse.com/1234154 SUSE Bug 1234154 In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspicious RCU usage 6.12.0-rc5-virtme #1216 Tainted: G W ----------------------------- net/core/dev.c:876 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by sctp_hello/31495: #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp stack backtrace: CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216 Tainted: [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:123) lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7)) sctp_v6_available (net/sctp/ipv6.c:701) sctp sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp sctp_bind (net/sctp/socket.c:320) sctp inet6_bind_sk (net/ipv6/af_inet6.c:465) ? security_socket_bind (security/security.c:4581 (discriminator 1)) __sys_bind (net/socket.c:1848 net/socket.c:1869) ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13)) __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1)) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f59b934a1e7 Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48 All code ======== 0: 44 00 00 add %r8b,(%rax) 3: 48 8b 15 39 8c 0c 00 mov 0xc8c39(%rip),%rdx # 0xc8c43 a: f7 d8 neg %eax c: 64 89 02 mov %eax,%fs:(%rdx) f: b8 ff ff ff ff mov $0xffffffff,%eax 14: eb bd jmp 0xffffffffffffffd3 16: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1d: 00 00 00 20: 0f 1f 00 nopl (%rax) 23: b8 31 00 00 00 mov $0x31,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c43 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c19 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7 RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f59b9253298 R11: 000000000000 ---truncated--- CVE-2024-53139 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-53139.html CVE-2024-53139 https://bugzilla.suse.com/1234157 SUSE Bug 1234157 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: bsg: Set bsg_queue to NULL after removal Currently, this does not cause any issues, but I believe it is necessary to set bsg_queue to NULL after removing it to prevent potential use-after-free (UAF) access. CVE-2024-54458 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-54458.html CVE-2024-54458 https://bugzilla.suse.com/1238992 SUSE Bug 1238992 In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0 Workqueue: events smc_lgr_terminate_work [smc] RIP: 0010:__flush_work+0x19e/0x1b0 Call Trace: ? __wake_up_common+0x7a/0x190 ? work_busy+0x80/0x80 __cancel_work_timer+0xe3/0x160 smc_close_cancel_work+0x1a/0x70 [smc] smc_close_active_abort+0x207/0x360 [smc] __smc_lgr_terminate.part.38+0xc8/0x180 [smc] process_one_work+0x19e/0x340 worker_thread+0x30/0x370 ? process_one_work+0x340/0x340 kthread+0x117/0x130 ? __kthread_cancel_work+0x50/0x50 ret_from_fork+0x22/0x30 This is because when smc_close_cancel_work is triggered, e.g. the RDMA driver is rmmod and the LGR is terminated, the conn->close_work is flushed before initialization, resulting in WARN_ON(!work->func). __smc_lgr_terminate | smc_connect_{rdma|ism} ------------------------------------------------------------- | smc_conn_create | \- smc_lgr_register_conn for conn in lgr->conns_all | \- smc_conn_kill | \- smc_close_active_abort | \- smc_close_cancel_work | \- cancel_work_sync | \- __flush_work | (close_work) | | smc_close_init | \- INIT_WORK(&close_work) So fix this by initializing close_work before establishing the connection. CVE-2024-56641 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-56641.html CVE-2024-56641 https://bugzilla.suse.com/1235526 SUSE Bug 1235526 In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint argument may end up being NULL. More context about this issue is available in [0]. Thus, there is a discrepancy between the reality, that raw_tp arguments can actually be NULL, and the verifier's knowledge, that they are never NULL, causing explicit NULL checks to be deleted, and accesses to such pointers potentially crashing the kernel. To fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special case the dereference and pointer arithmetic to permit it, and allow passing them into helpers/kfuncs; these exceptions are made for raw_tp programs only. Ensure that we don't do this when ref_obj_id > 0, as in that case this is an acquired object and doesn't need such adjustment. The reason we do mask_raw_tp_trusted_reg logic is because other will recheck in places whether the register is a trusted_reg, and then consider our register as untrusted when detecting the presence of the PTR_MAYBE_NULL flag. To allow safe dereference, we enable PROBE_MEM marking when we see loads into trusted pointers with PTR_MAYBE_NULL. While trusted raw_tp arguments can also be passed into helpers or kfuncs where such broken assumption may cause issues, a future patch set will tackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can already be passed into helpers and causes similar problems. Thus, they are left alone for now. It is possible that these checks also permit passing non-raw_tp args that are trusted PTR_TO_BTF_ID with null marking. In such a case, allowing dereference when pointer is NULL expands allowed behavior, so won't regress existing programs, and the case of passing these into helpers is the same as above and will be dealt with later. Also update the failure case in tp_btf_nullable selftest to capture the new behavior, as the verifier will no longer cause an error when directly dereference a raw tracepoint argument marked as __nullable. [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb CVE-2024-56702 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-56702.html CVE-2024-56702 https://bugzilla.suse.com/1235501 SUSE Bug 1235501 In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6. CVE-2024-57924 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-57924.html CVE-2024-57924 https://bugzilla.suse.com/1236086 SUSE Bug 1236086 In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock index when called from the _indexed() find functions. CVE-2024-57998 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-57998.html CVE-2024-57998 https://bugzilla.suse.com/1238527 SUSE Bug 1238527 In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same. It's not a bad way to do it; his patch had some bugs and my patches had some bugs. Hopefully all our bugs were different from each other. And hopefully Mark likes all the changes I made to his code! This patch (of 23): If we can't read the buffer, be sure to unlock the page before returning. CVE-2024-58001 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58001.html CVE-2024-58001 https://bugzilla.suse.com/1239079 SUSE Bug 1239079 In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdq buffer when handling a large RPC request. When it sees at least one available page in the cmdq, it quits the waiting with the amount of free buffer pages in the queue. Unfortunately, it always takes the [write pointer, buf_size) as available buffer pages before rolling back and wrongly calculates the size of the data should be copied. Thus, it can overwrite the RPC request that GSP is currently reading, which causes GSP hang due to corrupted RPC request: [ 549.209389] ------------[ cut here ]------------ [ 549.214010] WARNING: CPU: 8 PID: 6314 at drivers/gpu/drm/nouveau/nvkm/subdev/gsp/r535.c:116 r535_gsp_msgq_wait+0xd0/0x190 [nvkm] [ 549.225678] Modules linked in: nvkm(E+) gsp_log(E) snd_seq_dummy(E) snd_hrtimer(E) snd_seq(E) snd_timer(E) snd_seq_device(E) snd(E) soundcore(E) rfkill(E) qrtr(E) vfat(E) fat(E) ipmi_ssif(E) amd_atl(E) intel_rapl_msr(E) intel_rapl_common(E) mlx5_ib(E) amd64_edac(E) edac_mce_amd(E) kvm_amd(E) ib_uverbs(E) kvm(E) ib_core(E) acpi_ipmi(E) ipmi_si(E) mxm_wmi(E) ipmi_devintf(E) rapl(E) i2c_piix4(E) wmi_bmof(E) joydev(E) ptdma(E) acpi_cpufreq(E) k10temp(E) pcspkr(E) ipmi_msghandler(E) xfs(E) libcrc32c(E) ast(E) i2c_algo_bit(E) crct10dif_pclmul(E) drm_shmem_helper(E) nvme_tcp(E) crc32_pclmul(E) ahci(E) drm_kms_helper(E) libahci(E) nvme_fabrics(E) crc32c_intel(E) nvme(E) cdc_ether(E) mlx5_core(E) nvme_core(E) usbnet(E) drm(E) libata(E) ccp(E) ghash_clmulni_intel(E) mii(E) t10_pi(E) mlxfw(E) sp5100_tco(E) psample(E) pci_hyperv_intf(E) wmi(E) dm_multipath(E) sunrpc(E) dm_mirror(E) dm_region_hash(E) dm_log(E) dm_mod(E) be2iscsi(E) bnx2i(E) cnic(E) uio(E) cxgb4i(E) cxgb4(E) tls(E) libcxgbi(E) libcxgb(E) qla4xxx(E) [ 549.225752] iscsi_boot_sysfs(E) iscsi_tcp(E) libiscsi_tcp(E) libiscsi(E) scsi_transport_iscsi(E) fuse(E) [last unloaded: gsp_log(E)] [ 549.326293] CPU: 8 PID: 6314 Comm: insmod Tainted: G E 6.9.0-rc6+ #1 [ 549.334039] Hardware name: ASRockRack 1U1G-MILAN/N/ROMED8-NL, BIOS L3.12E 09/06/2022 [ 549.341781] RIP: 0010:r535_gsp_msgq_wait+0xd0/0x190 [nvkm] [ 549.347343] Code: 08 00 00 89 da c1 e2 0c 48 8d ac 11 00 10 00 00 48 8b 0c 24 48 85 c9 74 1f c1 e0 0c 4c 8d 6d 30 83 e8 30 89 01 e9 68 ff ff ff <0f> 0b 49 c7 c5 92 ff ff ff e9 5a ff ff ff ba ff ff ff ff be c0 0c [ 549.366090] RSP: 0018:ffffacbccaaeb7d0 EFLAGS: 00010246 [ 549.371315] RAX: 0000000000000000 RBX: 0000000000000012 RCX: 0000000000923e28 [ 549.378451] RDX: 0000000000000000 RSI: 0000000055555554 RDI: ffffacbccaaeb730 [ 549.385590] RBP: 0000000000000001 R08: ffff8bd14d235f70 R09: ffff8bd14d235f70 [ 549.392721] R10: 0000000000000002 R11: ffff8bd14d233864 R12: 0000000000000020 [ 549.399854] R13: ffffacbccaaeb818 R14: 0000000000000020 R15: ffff8bb298c67000 [ 549.406988] FS: 00007f5179244740(0000) GS:ffff8bd14d200000(0000) knlGS:0000000000000000 [ 549.415076] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 549.420829] CR2: 00007fa844000010 CR3: 00000001567dc005 CR4: 0000000000770ef0 [ 549.427963] PKRU: 55555554 [ 549.430672] Call Trace: [ 549.433126] <TASK> [ 549.435233] ? __warn+0x7f/0x130 [ 549.438473] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm] [ 549.443426] ? report_bug+0x18a/0x1a0 [ 549.447098] ? handle_bug+0x3c/0x70 [ 549.450589] ? exc_invalid_op+0x14/0x70 [ 549.454430] ? asm_exc_invalid_op+0x16/0x20 [ 549.458619] ? r535_gsp_msgq_wait+0xd0/0x190 [nvkm] [ 549.463565] r535_gsp_msg_recv+0x46/0x230 [nvkm] [ 549.468257] r535_gsp_rpc_push+0x106/0x160 [nvkm] [ 549.473033] r535_gsp_rpc_rm_ctrl_push+0x40/0x130 [nvkm] [ 549.478422] nvidia_grid_init_vgpu_types+0xbc/0xe0 [nvkm] [ 549.483899] nvidia_grid_init+0xb1/0xd0 [nvkm] [ 549.488420] ? srso_alias_return_thunk+0x5/0xfbef5 [ 549.493213] nvkm_device_pci_probe+0x305/0x420 [nvkm] [ 549.498338] local_pci_probe+0x46/ ---truncated--- CVE-2024-58018 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58018.html CVE-2024-58018 https://bugzilla.suse.com/1238990 SUSE Bug 1238990 In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash with: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 ... pc : _read_bw+0x8/0x10 lr : _opp_table_find_key+0x9c/0x174 ... Call trace: _read_bw+0x8/0x10 (P) _opp_table_find_key+0x9c/0x174 (L) _find_key+0x98/0x168 dev_pm_opp_find_bw_ceil+0x50/0x88 ... In order to fix the crash, create an assert function to check if the bandwidth table was created before trying to get a bandwidth with _read_bw(). CVE-2024-58068 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58068.html CVE-2024-58068 https://bugzilla.suse.com/1238961 SUSE Bug 1238961 In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible context. bpf_mem_alloc must be used in PREEMPT_RT. This patch is to enforce bpf_mem_alloc in the bpf_local_storage when CONFIG_PREEMPT_RT is enabled. [ 35.118559] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 35.118566] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1832, name: test_progs [ 35.118569] preempt_count: 1, expected: 0 [ 35.118571] RCU nest depth: 1, expected: 1 [ 35.118577] INFO: lockdep is turned off. ... [ 35.118647] __might_resched+0x433/0x5b0 [ 35.118677] rt_spin_lock+0xc3/0x290 [ 35.118700] ___slab_alloc+0x72/0xc40 [ 35.118723] __kmalloc_noprof+0x13f/0x4e0 [ 35.118732] bpf_map_kzalloc+0xe5/0x220 [ 35.118740] bpf_selem_alloc+0x1d2/0x7b0 [ 35.118755] bpf_local_storage_update+0x2fa/0x8b0 [ 35.118784] bpf_sk_storage_get_tracing+0x15a/0x1d0 [ 35.118791] bpf_prog_9a118d86fca78ebb_trace_inet_sock_set_state+0x44/0x66 [ 35.118795] bpf_trace_run3+0x222/0x400 [ 35.118820] __bpf_trace_inet_sock_set_state+0x11/0x20 [ 35.118824] trace_inet_sock_set_state+0x112/0x130 [ 35.118830] inet_sk_state_store+0x41/0x90 [ 35.118836] tcp_set_state+0x3b3/0x640 There is no need to adjust the gfp_flags passing to the bpf_mem_cache_alloc_flags() which only honors the GFP_KERNEL. The verifier has ensured GFP_KERNEL is passed only in sleepable context. It has been an old issue since the first introduction of the bpf_local_storage ~5 years ago, so this patch targets the bpf-next. bpf_mem_alloc is needed to solve it, so the Fixes tag is set to the commit when bpf_mem_alloc was first used in the bpf_local_storage. CVE-2024-58070 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58070.html CVE-2024-58070 https://bugzilla.suse.com/1238983 SUSE Bug 1238983 In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth peer name veth1 $ ip link set veth0 up $ ip link set veth1 up $ ip link add link veth0 name veth0.1 type vlan protocol 802.1Q id 1 $ ip link add team0 type team $ ip link set veth0.1 down $ ip link set veth0.1 master team0 team0: Port device veth0.1 added $ ip link set veth0 down $ ip link set veth0 master team0 ============================================ WARNING: possible recursive locking detected 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Not tainted -------------------------------------------- ip/7684 is trying to acquire lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) but task is already holding lock: ffff888016848e00 (team->team_lock_key){+.+.}-{4:4}, at: team_add_slave (drivers/net/team/team_core.c:1147 drivers/net/team/team_core.c:1977) other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(team->team_lock_key); lock(team->team_lock_key); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by ip/7684: stack backtrace: CPU: 3 UID: 0 PID: 7684 Comm: ip Not tainted 6.13.0-rc2-virtme-00441-ga14a429069bb #46 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:122) print_deadlock_bug.cold (kernel/locking/lockdep.c:3040) __lock_acquire (kernel/locking/lockdep.c:3893 kernel/locking/lockdep.c:5226) ? netlink_broadcast_filtered (net/netlink/af_netlink.c:1548) lock_acquire.part.0 (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? trace_lock_acquire (./include/trace/events/lock.h:24 (discriminator 2)) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? lock_acquire (kernel/locking/lockdep.c:5822) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) __mutex_lock (kernel/locking/mutex.c:587 kernel/locking/mutex.c:735) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) ? fib_sync_up (net/ipv4/fib_semantics.c:2167) ? team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) team_device_event (drivers/net/team/team_core.c:2928 drivers/net/team/team_core.c:2951 drivers/net/team/team_core.c:2973) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) __dev_notify_flags (net/core/dev.c:8993) ? __dev_change_flags (net/core/dev.c:8975) dev_change_flags (net/core/dev.c:9027) vlan_device_event (net/8021q/vlan.c:85 net/8021q/vlan.c:470) ? br_device_event (net/bridge/br.c:143) notifier_call_chain (kernel/notifier.c:85) call_netdevice_notifiers_info (net/core/dev.c:1996) dev_open (net/core/dev.c:1519 net/core/dev.c:1505) team_add_slave (drivers/net/team/team_core.c:1219 drivers/net/team/team_core.c:1977) ? __pfx_team_add_slave (drivers/net/team/team_core.c:1972) do_set_master (net/core/rtnetlink.c:2917) do_setlink.isra.0 (net/core/rtnetlink.c:3117) CVE-2024-58071 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58071.html CVE-2024-58071 https://bugzilla.suse.com/1238970 SUSE Bug 1238970 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]") first introduced deadlock prevention for fentry/fexit programs attaching on bpf_task_storage helpers. That commit also employed the logic in map free path in its v6 version. Later bpf_cgrp_storage was first introduced in c4bcfb38a95e ("bpf: Implement cgroup storage available to non-cgroup-attached bpf progs") which faces the same issue as bpf_task_storage, instead of its busy counter, NULL was passed to bpf_local_storage_map_free() which opened a window to cause deadlock: <TASK> (acquiring local_storage->lock) _raw_spin_lock_irqsave+0x3d/0x50 bpf_local_storage_update+0xd1/0x460 bpf_cgrp_storage_get+0x109/0x130 bpf_prog_a4d4a370ba857314_cgrp_ptr+0x139/0x170 ? __bpf_prog_enter_recur+0x16/0x80 bpf_trampoline_6442485186+0x43/0xa4 cgroup_storage_ptr+0x9/0x20 (holding local_storage->lock) bpf_selem_unlink_storage_nolock.constprop.0+0x135/0x160 bpf_selem_unlink_storage+0x6f/0x110 bpf_local_storage_map_free+0xa2/0x110 bpf_map_free_deferred+0x5b/0x90 process_one_work+0x17c/0x390 worker_thread+0x251/0x360 kthread+0xd2/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Progs: - A: SEC("fentry/cgroup_storage_ptr") - cgid (BPF_MAP_TYPE_HASH) Record the id of the cgroup the current task belonging to in this hash map, using the address of the cgroup as the map key. - cgrpa (BPF_MAP_TYPE_CGRP_STORAGE) If current task is a kworker, lookup the above hash map using function parameter @owner as the key to get its corresponding cgroup id which is then used to get a trusted pointer to the cgroup through bpf_cgroup_from_id(). This trusted pointer can then be passed to bpf_cgrp_storage_get() to finally trigger the deadlock issue. - B: SEC("tp_btf/sys_enter") - cgrpb (BPF_MAP_TYPE_CGRP_STORAGE) The only purpose of this prog is to fill Prog A's hash map by calling bpf_cgrp_storage_get() for as many userspace tasks as possible. Steps to reproduce: - Run A; - while (true) { Run B; Destroy B; } Fix this issue by passing its busy counter to the free procedure so it can be properly incremented before storage/smap locking. CVE-2024-58088 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58088.html CVE-2024-58088 https://bugzilla.suse.com/1239510 SUSE Bug 1239510 In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the last function on the bus pertaining to the given link was removed. That was too late. If function 0 is removed before sibling function, link->downstream would point to free'd memory after. After above change, we freed the ASPM parent link state upon any function removal on the bus pertaining to a given link. That is too early. If the link is to a PCIe switch with MFD on the upstream port, then removing functions other than 0 first would free a link which still remains parent_link to the remaining downstream ports. The resulting GPFs are especially frequent during hot-unplug, because pciehp removes devices on the link bus in reverse order. On that switch, function 0 is the virtual P2P bridge to the internal bus. Free exactly when function 0 is removed -- before the parent link is obsolete, but after all subordinate links are gone. [kwilczynski: commit log] CVE-2024-58093 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58093.html CVE-2024-58093 https://bugzilla.suse.com/1241347 SUSE Bug 1241347 In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call stack: block_write_begin() { jfs_write_failed() { jfs_truncate() { jfs_truncate_nolock() { txEnd() { ... log = JFS_SBI(tblk->sb)->log; // (log == NULL) If the `isReadOnly(ip)` condition is triggered in `jfs_truncate_nolock`, the function execution will stop, and no further data modification will occur. Instead, the `xtTruncate` function will be called with the "COMMIT_WMAP" flag, preventing modifications in "read-only" mode. CVE-2024-58094 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58094.html CVE-2024-58094 https://bugzilla.suse.com/1241443 SUSE Bug 1241443 In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoiding potential errors or crashes. Call trace: txBeginAnon+0xac/0x154 extAlloc+0xe8/0xdec fs/jfs/jfs_extent.c:78 jfs_get_block+0x340/0xb98 fs/jfs/inode.c:248 __block_write_begin_int+0x580/0x166c fs/buffer.c:2128 __block_write_begin fs/buffer.c:2177 [inline] block_write_begin+0x98/0x11c fs/buffer.c:2236 jfs_write_begin+0x44/0x88 fs/jfs/inode.c:299 CVE-2024-58095 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58095.html CVE-2024-58095 https://bugzilla.suse.com/1241442 SUSE Bug 1241442 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* for many times but never call srng->lock. So when running (full) monitor mode, warning will occur: RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] Call Trace: ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k] ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k] ? idr_alloc_u32+0x97/0xd0 ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k] ath11k_dp_service_srng+0x289/0x5a0 [ath11k] ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k] __napi_poll+0x30/0x1f0 net_rx_action+0x198/0x320 __do_softirq+0xdd/0x319 So add srng->lock for them to avoid such warnings. Inorder to fetch the srng->lock, should change srng's definition from 'void' to 'struct hal_srng'. And initialize them elsewhere to prevent one line of code from being too long. This is consistent with other ring process functions, such as ath11k_dp_process_rx(). Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 CVE-2024-58096 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58096.html CVE-2024-58096 https://bugzilla.suse.com/1241344 SUSE Bug 1241344 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix RCU stall while reaping monitor destination ring While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id. However, sometimes the driver cannot obtain a valid buffer corresponding to the buf_id received from the hardware. This causes an infinite loop in the destination processing, resulting in a kernel crash. kernel log: ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed ath11k_pci 0000:58:00.0: data msdu_pop: invalid buf_id 309 ath11k_pci 0000:58:00.0: data dp_rx_monitor_link_desc_return failed Fix this by skipping the problematic buf_id and reaping the next entry, replacing the break with the next MSDU processing. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 CVE-2024-58097 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58097.html CVE-2024-58097 https://bugzilla.suse.com/1241343 SUSE Bug 1241343 In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program: __attribute__((__noinline__)) long skb_pull_data(struct __sk_buff *sk, __u32 len) { return bpf_skb_pull_data(sk, len); } SEC("tc") int test_invalidate_checks(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; if ((void *)(p + 1) > (void *)(long)sk->data_end) return TCX_DROP; skb_pull_data(sk, 0); *p = 42; return TCX_PASS; } After a call to bpf_skb_pull_data() the pointer 'p' can't be used safely. See function filter.c:bpf_helper_changes_pkt_data() for a list of such helpers. At the moment verifier invalidates packet pointers when processing helper function calls, and does not traverse global sub-programs when processing calls to global sub-programs. This means that calls to helpers done from global sub-programs do not invalidate pointers in the caller state. E.g. the program above is unsafe, but is not rejected by verifier. This commit fixes the omission by computing field bpf_subprog_info->changes_pkt_data for each sub-program before main verification pass. changes_pkt_data should be set if: - subprogram calls helper for which bpf_helper_changes_pkt_data returns true; - subprogram calls a global function, for which bpf_subprog_info->changes_pkt_data should be set. The verifier.c:check_cfg() pass is modified to compute this information. The commit relies on depth first instruction traversal done by check_cfg() and absence of recursive function calls: - check_cfg() would eventually visit every call to subprogram S in a state when S is fully explored; - when S is fully explored: - every direct helper call within S is explored (and thus changes_pkt_data is set if needed); - every call to subprogram S1 called by S was visited with S1 fully explored (and thus S inherits changes_pkt_data from S1). The downside of such approach is that dead code elimination is not taken into account: if a helper call inside global function is dead because of current configuration, verifier would conservatively assume that the call occurs for the purpose of the changes_pkt_data computation. CVE-2024-58098 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58098.html CVE-2024-58098 https://bugzilla.suse.com/1242565 SUSE Bug 1242565 In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as IPIP and transmits the packet out the same interface, then in case of vmxnet3 a corrupted packet is being sent and subsequently dropped on the path. vmxnet3_xdp_xmit_frame() which is called e.g. via vmxnet3_run_xdp() through vmxnet3_xdp_xmit_back() calculates an incorrect DMA address: page = virt_to_page(xdpf->data); tbi->dma_addr = page_pool_get_dma_addr(page) + VMXNET3_XDP_HEADROOM; dma_sync_single_for_device(&adapter->pdev->dev, tbi->dma_addr, buf_size, DMA_TO_DEVICE); The above assumes a fixed offset (VMXNET3_XDP_HEADROOM), but the XDP BPF program could have moved xdp->data. While the passed buf_size is correct (xdpf->len), the dma_addr needs to have a dynamic offset which can be calculated as xdpf->data - (void *)xdpf, that is, xdp->data - xdp->data_hard_start. CVE-2024-58099 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58099.html CVE-2024-58099 https://bugzilla.suse.com/1242035 SUSE Bug 1242035 In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced. This commit: - adds changes_pkt_data flag to struct bpf_prog_aux: - this flag is set in check_cfg() for main sub-program; - in jit_subprogs() for other sub-programs; - modifies bpf_check_attach_btf_id() to check changes_pkt_data flag; - moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set: bpf_check: ... ... - check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ... The following fields are set by check_attach_btf_id(): - env->ops - prog->aux->attach_btf_trace - prog->aux->attach_func_name - prog->aux->attach_func_proto - prog->aux->dst_trampoline - prog->aux->mod - prog->aux->saved_dst_attach_type - prog->aux->saved_dst_prog_type - prog->expected_attach_type Neither of these fields are used by resolve_pseudo_ldimm64() or bpf_prog_offload_verifier_prep() (for netronome and netdevsim drivers), so the reordering is safe. CVE-2024-58100 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58100.html CVE-2024-58100 https://bugzilla.suse.com/1242564 SUSE Bug 1242564 In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected: int tail_call(struct __sk_buff *sk) { bpf_tail_call_static(sk, &jmp_table, 0); return 0; } SEC("tc") int not_safe(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; ... make p valid ... tail_call(sk); *p = 42; /* this is unsafe */ ... } The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcall_freplace.c:entry_freplace() that does a tail call. CVE-2024-58237 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2024-58237.html CVE-2024-58237 https://bugzilla.suse.com/1242574 SUSE Bug 1242574 In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * - %NETIF_F_IPV6_CSUM * - Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Next Header field in the IPv6 * header is either TCP or UDP. IPv6 extension headers * are not supported with this feature. This feature * cannot be set in features for a device with * NETIF_F_HW_CSUM also set. This feature is being * DEPRECATED (see below). The change causes skb_warn_bad_offload to fire for BIG TCP packets. [ 496.310233] WARNING: CPU: 13 PID: 23472 at net/core/dev.c:3129 skb_warn_bad_offload+0xc4/0xe0 [ 496.310297] ? skb_warn_bad_offload+0xc4/0xe0 [ 496.310300] skb_checksum_help+0x129/0x1f0 [ 496.310303] skb_csum_hwoffload_help+0x150/0x1b0 [ 496.310306] validate_xmit_skb+0x159/0x270 [ 496.310309] validate_xmit_skb_list+0x41/0x70 [ 496.310312] sch_direct_xmit+0x5c/0x250 [ 496.310317] __qdisc_run+0x388/0x620 BIG TCP introduced an IPV6_TLV_JUMBO IPv6 extension header to communicate packet length, as this is an IPv6 jumbogram. But, the feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices. For this specific case of extension headers that are not transmitted, return to the situation before the blamed commit and support hardware offload. ipv6_has_hopopt_jumbo() tests not only whether this header is present, but also that it is the only extension header before a terminal (L4) header. CVE-2025-21629 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21629.html CVE-2025-21629 https://bugzilla.suse.com/1235968 SUSE Bug 1235968 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns. CVE-2025-21648 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21648.html CVE-2025-21648 https://bugzilla.suse.com/1236142 SUSE Bug 1236142 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it was ESTABLISHED. In other words, a non-NULL sk_reuseport_cb does not imply a non-refcounted socket. Drop sk's reference in both error paths. unreferenced object 0xffff888101911800 (size 2048): comm "test_progs", pid 44109, jiffies 4297131437 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 9336483b): __kmalloc_noprof+0x3bf/0x560 __reuseport_alloc+0x1d/0x40 reuseport_alloc+0xca/0x150 reuseport_attach_prog+0x87/0x140 sk_reuseport_attach_bpf+0xc8/0x100 sk_setsockopt+0x1181/0x1990 do_sock_setsockopt+0x12b/0x160 __sys_setsockopt+0x7b/0xc0 __x64_sys_setsockopt+0x1b/0x30 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2025-21683 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21683.html CVE-2025-21683 https://bugzilla.suse.com/1236704 SUSE Bug 1236704 In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in flag clearing leads to a mismatch between the vma flags (which have uffd-wp cleared) and the pte/pmd flags (which do not have uffd-wp cleared). This mismatch causes a subsequent mprotect(PROT_WRITE) to trigger a warning in page_table_check_pte_flags() due to setting the pte to writable while uffd-wp is still set. Fix this by always explicitly clearing the uffd-wp pte/pmd flags on any such mremap() so that the values are consistent with the existing clearing of VM_UFFD_WP. Be careful to clear the logical flag regardless of its physical form; a PTE bit, a swap PTE bit, or a PTE marker. Cover PTE, huge PMD and hugetlb paths. CVE-2025-21696 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21696.html CVE-2025-21696 https://bugzilla.suse.com/1237111 SUSE Bug 1237111 In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueue new packet and increase scheduler's qlen by one. Finally, pfifo_tail_enqueue() return `NET_XMIT_CN` status code. Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a scheduler that has no packet, the 'drop a packet' step will do nothing. This means the scheduler's qlen still has value equal 0. Then, we continue to enqueue new packet and increase scheduler's qlen by one. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by one and return `NET_XMIT_CN` status code. The problem is: Let's say we have two qdiscs: Qdisc_A and Qdisc_B. - Qdisc_A's type must have '->graft()' function to create parent/child relationship. Let's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`. - Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`. - Qdisc_B is configured to have `sch->limit == 0`. - Qdisc_A is configured to route the enqueued's packet to Qdisc_B. Enqueue packet through Qdisc_A will lead to: - hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B) - Qdisc_B->q.qlen += 1 - pfifo_tail_enqueue() return `NET_XMIT_CN` - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A. The whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1. Replace 'hfsc' with other type (for example: 'drr') still lead to the same problem. This violate the design where parent's qlen should equal to the sum of its childrens'qlen. Bug impact: This issue can be used for user->kernel privilege escalation when it is reachable. CVE-2025-21702 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21702.html CVE-2025-21702 https://bugzilla.suse.com/1237312 SUSE Bug 1237312 In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the bitmask before parsing is not enough to ensure a consistent status, and the MPTCP code has to additionally clear some bitfiled depending on the actually parsed suboption. The above schema is fragile, and syzbot managed to trigger a path where a relevant bitfield is not cleared/initialized: BUG: KMSAN: uninit-value in __mptcp_expand_seq net/mptcp/options.c:1030 [inline] BUG: KMSAN: uninit-value in mptcp_expand_seq net/mptcp/protocol.h:864 [inline] BUG: KMSAN: uninit-value in ack_update_msk net/mptcp/options.c:1060 [inline] BUG: KMSAN: uninit-value in mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209 __mptcp_expand_seq net/mptcp/options.c:1030 [inline] mptcp_expand_seq net/mptcp/protocol.h:864 [inline] ack_update_msk net/mptcp/options.c:1060 [inline] mptcp_incoming_options+0x2036/0x3d30 net/mptcp/options.c:1209 tcp_data_queue+0xb4/0x7be0 net/ipv4/tcp_input.c:5233 tcp_rcv_established+0x1061/0x2510 net/ipv4/tcp_input.c:6264 tcp_v4_do_rcv+0x7f3/0x11a0 net/ipv4/tcp_ipv4.c:1916 tcp_v4_rcv+0x51df/0x5750 net/ipv4/tcp_ipv4.c:2351 ip_protocol_deliver_rcu+0x2a3/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [inline] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:460 [inline] ip_rcv_finish+0x4a2/0x520 net/ipv4/ip_input.c:447 NF_HOOK include/linux/netfilter.h:314 [inline] ip_rcv+0xcd/0x380 net/ipv4/ip_input.c:567 __netif_receive_skb_one_core net/core/dev.c:5704 [inline] __netif_receive_skb+0x319/0xa00 net/core/dev.c:5817 process_backlog+0x4ad/0xa50 net/core/dev.c:6149 __napi_poll+0xe7/0x980 net/core/dev.c:6902 napi_poll net/core/dev.c:6971 [inline] net_rx_action+0xa5a/0x19b0 net/core/dev.c:7093 handle_softirqs+0x1a0/0x7c0 kernel/softirq.c:561 __do_softirq+0x14/0x1a kernel/softirq.c:595 do_softirq+0x9a/0x100 kernel/softirq.c:462 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:389 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x2758/0x57d0 net/core/dev.c:4493 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0x187c/0x1b70 net/ipv4/ip_output.c:236 __ip_finish_output+0x287/0x810 ip_finish_output+0x4b/0x600 net/ipv4/ip_output.c:324 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip_output+0x15f/0x3f0 net/ipv4/ip_output.c:434 dst_output include/net/dst.h:450 [inline] ip_local_out net/ipv4/ip_output.c:130 [inline] __ip_queue_xmit+0x1f2a/0x20d0 net/ipv4/ip_output.c:536 ip_queue_xmit+0x60/0x80 net/ipv4/ip_output.c:550 __tcp_transmit_skb+0x3cea/0x4900 net/ipv4/tcp_output.c:1468 tcp_transmit_skb net/ipv4/tcp_output.c:1486 [inline] tcp_write_xmit+0x3b90/0x9070 net/ipv4/tcp_output.c:2829 __tcp_push_pending_frames+0xc4/0x380 net/ipv4/tcp_output.c:3012 tcp_send_fin+0x9f6/0xf50 net/ipv4/tcp_output.c:3618 __tcp_close+0x140c/0x1550 net/ipv4/tcp.c:3130 __mptcp_close_ssk+0x74e/0x16f0 net/mptcp/protocol.c:2496 mptcp_close_ssk+0x26b/0x2c0 net/mptcp/protocol.c:2550 mptcp_pm_nl_rm_addr_or_subflow+0x635/0xd10 net/mptcp/pm_netlink.c:889 mptcp_pm_nl_rm_subflow_received net/mptcp/pm_netlink.c:924 [inline] mptcp_pm_flush_addrs_and_subflows net/mptcp/pm_netlink.c:1688 [inline] mptcp_nl_flush_addrs_list net/mptcp/pm_netlink.c:1709 [inline] mptcp_pm_nl_flush_addrs_doit+0xe10/0x1630 net/mptcp/pm_netlink.c:1750 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] ---truncated--- CVE-2025-21707 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21707.html CVE-2025-21707 https://bugzilla.suse.com/1238862 SUSE Bug 1238862 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset the flag and calls ieee80211_scan_completed() that will free local->hw_scan_req. Then, cancel_hw_scan raises null-ptr-deref and use-after-free. Fix it by moving the check condition to where protected by mutex. KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f] CPU: 2 PID: 6922 Comm: kworker/2:2 Tainted: G OE Hardware name: LENOVO 2356AD1/2356AD1, BIOS G7ETB6WW (2.76 ) 09/10/2019 Workqueue: events cfg80211_conn_work [cfg80211] RIP: 0010:rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core] Code: 00 45 89 6c 24 1c 0f 85 23 01 00 00 48 8b 85 20 ff ff ff 48 8d RSP: 0018:ffff88811fd9f068 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff88811fd9f258 RCX: 0000000000000001 RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000089 RBP: ffff88811fd9f170 R08: 0000000000000000 R09: 0000000000000000 R10: ffff88811fd9f108 R11: 0000000000000000 R12: ffff88810e47f960 R13: 0000000000000000 R14: 000000000000ffff R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8881d6f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007531dfca55b0 CR3: 00000001be296004 CR4: 00000000001706e0 Call Trace: <TASK> ? show_regs+0x61/0x73 ? __die_body+0x20/0x73 ? die_addr+0x4f/0x7b ? exc_general_protection+0x191/0x1db ? asm_exc_general_protection+0x27/0x30 ? rtw89_fw_h2c_scan_offload_be+0xc33/0x13c3 [rtw89_core] ? rtw89_fw_h2c_scan_offload_be+0x458/0x13c3 [rtw89_core] ? __pfx_rtw89_fw_h2c_scan_offload_be+0x10/0x10 [rtw89_core] ? do_raw_spin_lock+0x75/0xdb ? __pfx_do_raw_spin_lock+0x10/0x10 rtw89_hw_scan_offload+0xb5e/0xbf7 [rtw89_core] ? _raw_spin_unlock+0xe/0x24 ? __mutex_lock.constprop.0+0x40c/0x471 ? __pfx_rtw89_hw_scan_offload+0x10/0x10 [rtw89_core] ? __mutex_lock_slowpath+0x13/0x1f ? mutex_lock+0xa2/0xdc ? __pfx_mutex_lock+0x10/0x10 rtw89_hw_scan_abort+0x58/0xb7 [rtw89_core] rtw89_ops_cancel_hw_scan+0x120/0x13b [rtw89_core] ieee80211_scan_cancel+0x468/0x4d0 [mac80211] ieee80211_prep_connection+0x858/0x899 [mac80211] ieee80211_mgd_auth+0xbea/0xdde [mac80211] ? __pfx_ieee80211_mgd_auth+0x10/0x10 [mac80211] ? cfg80211_find_elem+0x15/0x29 [cfg80211] ? is_bss+0x1b7/0x1d7 [cfg80211] ieee80211_auth+0x18/0x27 [mac80211] cfg80211_mlme_auth+0x3bb/0x3e7 [cfg80211] cfg80211_conn_do_work+0x410/0xb81 [cfg80211] ? __pfx_cfg80211_conn_do_work+0x10/0x10 [cfg80211] ? __kasan_check_read+0x11/0x1f ? psi_group_change+0x8bc/0x944 ? __kasan_check_write+0x14/0x22 ? mutex_lock+0x8e/0xdc ? __pfx_mutex_lock+0x10/0x10 ? __pfx___radix_tree_lookup+0x10/0x10 cfg80211_conn_work+0x245/0x34d [cfg80211] ? __pfx_cfg80211_conn_work+0x10/0x10 [cfg80211] ? update_cfs_rq_load_avg+0x3bc/0x3d7 ? sched_clock_noinstr+0x9/0x1a ? sched_clock+0x10/0x24 ? sched_clock_cpu+0x7e/0x42e ? newidle_balance+0x796/0x937 ? __pfx_sched_clock_cpu+0x10/0x10 ? __pfx_newidle_balance+0x10/0x10 ? __kasan_check_read+0x11/0x1f ? psi_group_change+0x8bc/0x944 ? _raw_spin_unlock+0xe/0x24 ? raw_spin_rq_unlock+0x47/0x54 ? raw_spin_rq_unlock_irq+0x9/0x1f ? finish_task_switch.isra.0+0x347/0x586 ? __schedule+0x27bf/0x2892 ? mutex_unlock+0x80/0xd0 ? do_raw_spin_lock+0x75/0xdb ? __pfx___schedule+0x10/0x10 process_scheduled_works+0x58c/0x821 worker_thread+0x4c7/0x586 ? __kasan_check_read+0x11/0x1f kthread+0x285/0x294 ? __pfx_worker_thread+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x29/0x6f ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> CVE-2025-21729 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21729.html CVE-2025-21729 https://bugzilla.suse.com/1237874 SUSE Bug 1237874 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-21755 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21755.html CVE-2025-21755 https://bugzilla.suse.com/1237882 SUSE Bug 1237882 In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection. CVE-2025-21758 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21758.html CVE-2025-21758 https://bugzilla.suse.com/1238737 SUSE Bug 1238737 In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwtunnel in its own cache, and the lwtunnel state will never be freed. Discovered by the ioam6.sh test, kmemleak was recently fixed to catch per-cpu memory leaks. I'm not sure if rpl and seg6 can actually hit this, but in principle I don't see why not. CVE-2025-21768 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21768.html CVE-2025-21768 https://bugzilla.suse.com/1238714 SUSE Bug 1238714 In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714 string_nocheck lib/vsprintf.c:633 [inline] string+0x3ec/0x5f0 lib/vsprintf.c:714 vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843 __request_module+0x252/0x9f0 kernel/module/kmod.c:149 team_mode_get drivers/net/team/team_core.c:480 [inline] team_change_mode drivers/net/team/team_core.c:607 [inline] team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401 team_option_set drivers/net/team/team_core.c:375 [inline] team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:733 ____sys_sendmsg+0x877/0xb60 net/socket.c:2573 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627 __sys_sendmsg net/socket.c:2659 [inline] __do_sys_sendmsg net/socket.c:2664 [inline] __se_sys_sendmsg net/socket.c:2662 [inline] __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662 x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2025-21787 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21787.html CVE-2025-21787 https://bugzilla.suse.com/1238774 SUSE Bug 1238774 In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release(). Commit 9fd75b66b8f6 ("ax25: Fix refcount leaks caused by ax25_cb_del()") added decrement of device refcounts in ax25_release(). In order for that to work correctly the refcounts must already be incremented when the device is bound to the socket. An AX25 device can be bound to a socket by either calling ax25_bind() or setting SO_BINDTODEVICE socket option. In both cases the refcounts should be incremented, but in fact it is done only in ax25_bind(). This bug leads to the following issue reported by Syzkaller: ================================================================ refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 1 PID: 5932 at lib/refcount.c:31 refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31 Modules linked in: CPU: 1 UID: 0 PID: 5932 Comm: syz-executor424 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x1ed/0x210 lib/refcount.c:31 Call Trace: <TASK> __refcount_dec include/linux/refcount.h:336 [inline] refcount_dec include/linux/refcount.h:351 [inline] ref_tracker_free+0x710/0x820 lib/ref_tracker.c:236 netdev_tracker_free include/linux/netdevice.h:4156 [inline] netdev_put include/linux/netdevice.h:4173 [inline] netdev_put include/linux/netdevice.h:4169 [inline] ax25_release+0x33f/0xa10 net/ax25/af_ax25.c:1069 __sock_release+0xb0/0x270 net/socket.c:640 sock_close+0x1c/0x30 net/socket.c:1408 ... do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> ================================================================ Fix the implementation of ax25_setsockopt() by adding increment of refcounts for the new device bound, and decrement of refcounts for the old unbound device. CVE-2025-21792 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21792.html CVE-2025-21792 https://bugzilla.suse.com/1238745 SUSE Bug 1238745 In the Linux kernel, the following vulnerability has been resolved: net: let net.core.dev_weight always be non-zero The following problem was encountered during stability test: (NULL net_device): NAPI poll function process_backlog+0x0/0x530 \ returned 1, exceeding its budget of 0. ------------[ cut here ]------------ list_add double add: new=ffff88905f746f48, prev=ffff88905f746f48, \ next=ffff88905f746e40. WARNING: CPU: 18 PID: 5462 at lib/list_debug.c:35 \ __list_add_valid_or_report+0xf3/0x130 CPU: 18 UID: 0 PID: 5462 Comm: ping Kdump: loaded Not tainted 6.13.0-rc7+ RIP: 0010:__list_add_valid_or_report+0xf3/0x130 Call Trace: ? __warn+0xcd/0x250 ? __list_add_valid_or_report+0xf3/0x130 enqueue_to_backlog+0x923/0x1070 netif_rx_internal+0x92/0x2b0 __netif_rx+0x15/0x170 loopback_xmit+0x2ef/0x450 dev_hard_start_xmit+0x103/0x490 __dev_queue_xmit+0xeac/0x1950 ip_finish_output2+0x6cc/0x1620 ip_output+0x161/0x270 ip_push_pending_frames+0x155/0x1a0 raw_sendmsg+0xe13/0x1550 __sys_sendto+0x3bf/0x4e0 __x64_sys_sendto+0xdc/0x1b0 do_syscall_64+0x5b/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e The reproduction command is as follows: sysctl -w net.core.dev_weight=0 ping 127.0.0.1 This is because when the napi's weight is set to 0, process_backlog() may return 0 and clear the NAPI_STATE_SCHED bit of napi->state, causing this napi to be re-polled in net_rx_action() until __do_softirq() times out. Since the NAPI_STATE_SCHED bit has been cleared, napi_schedule_rps() can be retriggered in enqueue_to_backlog(), causing this issue. Making the napi's weight always non-zero solves this problem. Triggering this issue requires system-wide admin (setting is not namespaced). CVE-2025-21806 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21806.html CVE-2025-21806 https://bugzilla.suse.com/1238746 SUSE Bug 1238746 In the Linux kernel, the following vulnerability has been resolved: net: xdp: Disallow attaching device-bound programs in generic mode Device-bound programs are used to support RX metadata kfuncs. These kfuncs are driver-specific and rely on the driver context to read the metadata. This means they can't work in generic XDP mode. However, there is no check to disallow such programs from being attached in generic mode, in which case the metadata kfuncs will be called in an invalid context, leading to crashes. Fix this by adding a check to disallow attaching device-bound programs in generic mode. CVE-2025-21808 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21808.html CVE-2025-21808 https://bugzilla.suse.com/1238742 SUSE Bug 1238742 In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible circular locking dependency detected 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted ------------------------------------------------------ syz.5.1818/12806 is trying to acquire lock: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680 but task is already holding lock: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline] ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (sk_lock-AF_AX25){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 lock_sock_nested+0x48/0x100 net/core/sock.c:3642 lock_sock include/net/sock.h:1618 [inline] ax25_kill_by_device net/ax25/af_ax25.c:101 [inline] ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146 notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85 __dev_notify_flags+0x207/0x400 dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026 dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563 dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820 sock_do_ioctl+0x240/0x460 net/socket.c:1234 sock_ioctl+0x626/0x8e0 net/socket.c:1339 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (rtnl_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680 do_sock_setsockopt+0x3af/0x720 net/socket.c:2324 __sys_setsockopt net/socket.c:2349 [inline] __do_sys_setsockopt net/socket.c:2355 [inline] __se_sys_setsockopt net/socket.c:2352 [inline] __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_AX25); lock(rtnl_mutex); lock(sk_lock-AF_AX25); lock(rtnl_mutex); *** DEADLOCK *** 1 lock held by syz.5.1818/12806: #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline] #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574 stack backtrace: CPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/lockin ---truncated--- CVE-2025-21812 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21812.html CVE-2025-21812 https://bugzilla.suse.com/1238471 SUSE Bug 1238471 https://bugzilla.suse.com/1240736 SUSE Bug 1240736 In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver. CVE-2025-21814 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21814.html CVE-2025-21814 https://bugzilla.suse.com/1238473 SUSE Bug 1238473 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a NULL pointer. CVE-2025-21833 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21833.html CVE-2025-21833 https://bugzilla.suse.com/1239108 SUSE Bug 1239108 In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. CVE-2025-21836 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21836.html CVE-2025-21836 https://bugzilla.suse.com/1239066 SUSE Bug 1239066 In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: add rx_sk to trace_kfree_skb") added rx_sk to trace_kfree_skb, but rx_sk is optional and could be NULL. Let's add kfree_skb to raw_tp_null_args[] to let the BPF verifier validate such a prog and prevent the issue. Now we fail to load such a prog: libbpf: prog 'drop': -- BEGIN PROG LOAD LOG -- 0: R1=ctx() R10=fp0 ; int BPF_PROG(drop, struct sk_buff *skb, void *location, @ kfree_skb_sk_null.bpf.c:21 0: (79) r3 = *(u64 *)(r1 +24) func 'kfree_skb' arg3 has btf_id 5253 type STRUCT 'sock' 1: R1=ctx() R3_w=trusted_ptr_or_null_sock(id=1) ; bpf_printk("sk: %d, %d\n", sk, sk->__sk_common.skc_family); @ kfree_skb_sk_null.bpf.c:24 1: (69) r4 = *(u16 *)(r3 +16) R3 invalid mem access 'trusted_ptr_or_null_' processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 -- END PROG LOAD LOG -- Note this fix requires commit 838a10bd2ebf ("bpf: Augment raw_tp arguments with PTR_MAYBE_NULL"). [0]: BUG: kernel NULL pointer dereference, address: 0000000000000010 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 0 P4D 0 PREEMPT SMP RIP: 0010:bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x148/0x420 ? search_bpf_extables+0x5b/0x70 ? fixup_exception+0x27/0x2c0 ? exc_page_fault+0x75/0x170 ? asm_exc_page_fault+0x22/0x30 ? bpf_prog_5e21a6db8fcff1aa_drop+0x10/0x2d bpf_trace_run4+0x68/0xd0 ? unix_stream_connect+0x1f4/0x6f0 sk_skb_reason_drop+0x90/0x120 unix_stream_connect+0x1f4/0x6f0 __sys_connect+0x7f/0xb0 __x64_sys_connect+0x14/0x20 do_syscall_64+0x47/0xc30 entry_SYSCALL_64_after_hwframe+0x4b/0x53 CVE-2025-21852 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21852.html CVE-2025-21852 https://bugzilla.suse.com/1239487 SUSE Bug 1239487 In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freeze_mutex for entire duration of all the mm and VMA manipulations, which is completely unnecessary. This can potentially also lead to deadlocks, as reported by syzbot in [0]. So, instead, hold freeze_mutex only during writeability checks, bump (proactively) "write active" count for the map, unlock the mutex and proceed with mmap logic. And only if something went wrong during mmap logic, then undo that "write active" counter increment. [0] https://lore.kernel.org/bpf/678dcbc9.050a0220.303755.0066.GAE@google.com/ CVE-2025-21853 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21853.html CVE-2025-21853 https://bugzilla.suse.com/1239476 SUSE Bug 1239476 In the Linux kernel, the following vulnerability has been resolved: sockmap, vsock: For connectible sockets allow only connected sockmap expects all vsocks to have a transport assigned, which is expressed in vsock_proto::psock_update_sk_prot(). However, there is an edge case where an unconnected (connectible) socket may lose its previously assigned transport. This is handled with a NULL check in the vsock/BPF recv path. Another design detail is that listening vsocks are not supposed to have any transport assigned at all. Which implies they are not supported by the sockmap. But this is complicated by the fact that a socket, before switching to TCP_LISTEN, may have had some transport assigned during a failed connect() attempt. Hence, we may end up with a listening vsock in a sockmap, which blows up quickly: KASAN: null-ptr-deref in range [0x0000000000000120-0x0000000000000127] CPU: 7 UID: 0 PID: 56 Comm: kworker/7:0 Not tainted 6.14.0-rc1+ Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:vsock_read_skb+0x4b/0x90 Call Trace: sk_psock_verdict_data_ready+0xa4/0x2e0 virtio_transport_recv_pkt+0x1ca8/0x2acc vsock_loopback_work+0x27d/0x3f0 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x35a/0x700 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 For connectible sockets, instead of relying solely on the state of vsk->transport, tell sockmap to only allow those representing established connections. This aligns with the behaviour for AF_INET and AF_UNIX. CVE-2025-21854 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21854.html CVE-2025-21854 https://bugzilla.suse.com/1239470 SUSE Bug 1239470 In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations. CVE-2025-21863 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21863.html CVE-2025-21863 https://bugzilla.suse.com/1239475 SUSE Bug 1239475 In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet header. This occurs when bpf_prog_test_run_xdp() passes an invalid value as the user_data argument to bpf_test_init(). Fix this by returning an error when user_data is less than ETH_HLEN in bpf_test_init(). Additionally, remove the check for "if (user_size > size)" as it is unnecessary. [1] BUG: KMSAN: use-after-free in eth_skb_pkt_type include/linux/etherdevice.h:627 [inline] BUG: KMSAN: use-after-free in eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165 eth_skb_pkt_type include/linux/etherdevice.h:627 [inline] eth_type_trans+0x4ee/0x980 net/ethernet/eth.c:165 __xdp_build_skb_from_frame+0x5a8/0xa50 net/core/xdp.c:635 xdp_recv_frames net/bpf/test_run.c:272 [inline] xdp_test_run_batch net/bpf/test_run.c:361 [inline] bpf_test_run_xdp_live+0x2954/0x3330 net/bpf/test_run.c:390 bpf_prog_test_run_xdp+0x148e/0x1b10 net/bpf/test_run.c:1318 bpf_prog_test_run+0x5b7/0xa30 kernel/bpf/syscall.c:4371 __sys_bpf+0x6a6/0xe20 kernel/bpf/syscall.c:5777 __do_sys_bpf kernel/bpf/syscall.c:5866 [inline] __se_sys_bpf kernel/bpf/syscall.c:5864 [inline] __x64_sys_bpf+0xa4/0xf0 kernel/bpf/syscall.c:5864 x64_sys_call+0x2ea0/0x3d90 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1d0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: free_pages_prepare mm/page_alloc.c:1056 [inline] free_unref_page+0x156/0x1320 mm/page_alloc.c:2657 __free_pages+0xa3/0x1b0 mm/page_alloc.c:4838 bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline] ringbuf_map_free+0xff/0x1e0 kernel/bpf/ringbuf.c:235 bpf_map_free kernel/bpf/syscall.c:838 [inline] bpf_map_free_deferred+0x17c/0x310 kernel/bpf/syscall.c:862 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa2b/0x1b60 kernel/workqueue.c:3310 worker_thread+0xedf/0x1550 kernel/workqueue.c:3391 kthread+0x535/0x6b0 kernel/kthread.c:389 ret_from_fork+0x6e/0x90 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 CPU: 1 UID: 0 PID: 17276 Comm: syz.1.16450 Not tainted 6.12.0-05490-g9bb88c659673 #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 CVE-2025-21867 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21867.html CVE-2025-21867 https://bugzilla.suse.com/1240181 SUSE Bug 1240181 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: bsg: Fix crash when arpmb command fails If the device doesn't support arpmb we'll crash due to copying user data in bsg_transport_sg_io_fn(). In the case where ufs_bsg_exec_advanced_rpmb_req() returns an error, do not set the job's reply_len. Memory crash backtrace: 3,1290,531166405,-;ufshcd 0000:00:12.5: ARPMB OP failed: error code -22 4,1308,531166555,-;Call Trace: 4,1309,531166559,-; <TASK> 4,1310,531166565,-; ? show_regs+0x6d/0x80 4,1311,531166575,-; ? die+0x37/0xa0 4,1312,531166583,-; ? do_trap+0xd4/0xf0 4,1313,531166593,-; ? do_error_trap+0x71/0xb0 4,1314,531166601,-; ? usercopy_abort+0x6c/0x80 4,1315,531166610,-; ? exc_invalid_op+0x52/0x80 4,1316,531166622,-; ? usercopy_abort+0x6c/0x80 4,1317,531166630,-; ? asm_exc_invalid_op+0x1b/0x20 4,1318,531166643,-; ? usercopy_abort+0x6c/0x80 4,1319,531166652,-; __check_heap_object+0xe3/0x120 4,1320,531166661,-; check_heap_object+0x185/0x1d0 4,1321,531166670,-; __check_object_size.part.0+0x72/0x150 4,1322,531166679,-; __check_object_size+0x23/0x30 4,1323,531166688,-; bsg_transport_sg_io_fn+0x314/0x3b0 CVE-2025-21873 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21873.html CVE-2025-21873 https://bugzilla.suse.com/1240184 SUSE Bug 1240184 In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sock_owned_by_me include/net/sock.h:1711 [inline] WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 msk_owned_by_me net/mptcp/protocol.h:363 [inline] WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788 Modules linked in: CPU: 0 UID: 0 PID: 6693 Comm: syz.0.205 Not tainted 6.14.0-rc2-syzkaller-00303-gad1b832bf1cf #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 RIP: 0010:sock_owned_by_me include/net/sock.h:1711 [inline] RIP: 0010:msk_owned_by_me net/mptcp/protocol.h:363 [inline] RIP: 0010:mptcp_pm_nl_addr_send_ack+0x57c/0x610 net/mptcp/pm_netlink.c:788 Code: 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ca 7b d3 f5 eb b9 e8 c3 7b d3 f5 90 0f 0b 90 e9 dd fb ff ff e8 b5 7b d3 f5 90 <0f> 0b 90 e9 3e fb ff ff 44 89 f1 80 e1 07 38 c1 0f 8c eb fb ff ff RSP: 0000:ffffc900034f6f60 EFLAGS: 00010283 RAX: ffffffff8bee3c2b RBX: 0000000000000001 RCX: 0000000000080000 RDX: ffffc90004d42000 RSI: 000000000000a407 RDI: 000000000000a408 RBP: ffffc900034f7030 R08: ffffffff8bee37f6 R09: 0100000000000000 R10: dffffc0000000000 R11: ffffed100bcc62e4 R12: ffff88805e6316e0 R13: ffff88805e630c00 R14: dffffc0000000000 R15: ffff88805e630c00 FS: 00007f7e9a7e96c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b2fd18ff8 CR3: 0000000032c24000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> mptcp_pm_remove_addr+0x103/0x1d0 net/mptcp/pm.c:59 mptcp_pm_remove_anno_addr+0x1f4/0x2f0 net/mptcp/pm_netlink.c:1486 mptcp_nl_remove_subflow_and_signal_addr net/mptcp/pm_netlink.c:1518 [inline] mptcp_pm_nl_del_addr_doit+0x118d/0x1af0 net/mptcp/pm_netlink.c:1629 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0xb1f/0xec0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2543 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1892 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:733 ____sys_sendmsg+0x53a/0x860 net/socket.c:2573 ___sys_sendmsg net/socket.c:2627 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2659 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f7e9998cde9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f7e9a7e9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f7e99ba5fa0 RCX: 00007f7e9998cde9 RDX: 000000002000c094 RSI: 0000400000000000 RDI: 0000000000000007 RBP: 00007f7e99a0e2a0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f7e99ba5fa0 R15: 00007fff49231088 Indeed the PM can try to send a RM_ADDR over a msk without acquiring first the msk socket lock. The bugged code-path comes from an early optimization: when there are no subflows, the PM should (usually) not send RM_ADDR notifications. The above statement is incorrect, as without locks another process could concur ---truncated--- CVE-2025-21875 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21875.html CVE-2025-21875 https://bugzilla.suse.com/1240168 SUSE Bug 1240168 In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eff3 flags: 0x3fffff00004004(referenced|reserved|node=0|zone=1|lastcpupid=0x1fffff) raw: 003fffff00004004 ffffe6c6c07bfcc8 ffffe6c6c07bfcc8 0000000000000000 raw: 0000000000000000 0000000000000000 00000000fffffffe 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x32/0x50 bad_page+0x69/0xf0 free_unref_page_prepare+0x401/0x500 free_unref_page+0x6d/0x1b0 uprobe_write_opcode+0x460/0x8e0 install_breakpoint.part.0+0x51/0x80 register_for_each_vma+0x1d9/0x2b0 __uprobe_register+0x245/0x300 bpf_uprobe_multi_link_attach+0x29b/0x4f0 link_create+0x1e2/0x280 __sys_bpf+0x75f/0xac0 __x64_sys_bpf+0x1a/0x30 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 BUG: Bad rss-counter state mm:00000000452453e0 type:MM_FILEPAGES val:-1 The following syzkaller test case can be used to reproduce: r2 = creat(&(0x7f0000000000)='./file0\x00', 0x8) write$nbd(r2, &(0x7f0000000580)=ANY=[], 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x20}) r6 = userfaultfd(0x80801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2}) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}}) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000120000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r7, 0x0, 0x30, 0x1e, @val=@uprobe_multi={&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=[0x2], 0x0, 0x0, 0x1}}, 0x40) The cause is that zero pfn is set to the PTE without increasing the RSS count in mfill_atomic_pte_zeropage() and the refcount of zero folio does not increase accordingly. Then, the operation on the same pfn is performed in uprobe_write_opcode()->__replace_page() to unconditional decrease the RSS count and old_folio's refcount. Therefore, two bugs are introduced: 1. The RSS count is incorrect, when process exit, the check_mm() report error "Bad rss-count". 2. The reserved folio (zero folio) is freed when folio->refcount is zero, then free_pages_prepare->free_page_is_bad() report error "Bad page state". There is more, the following warning could also theoretically be triggered: __replace_page() -> ... -> folio_remove_rmap_pte() -> VM_WARN_ON_FOLIO(is_zero_folio(folio), folio) Considering that uprobe hit on the zero folio is a very rare case, just reject zero old folio immediately after get_user_page_vma_remote(). [ mingo: Cleaned up the changelog ] CVE-2025-21881 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21881.html CVE-2025-21881 https://bugzilla.suse.com/1240185 SUSE Bug 1240185 In the Linux kernel, the following vulnerability has been resolved: net: better track kernel sockets lifetime While kernel sockets are dismantled during pernet_operations->exit(), their freeing can be delayed by any tx packets still held in qdisc or device queues, due to skb_set_owner_w() prior calls. This then trigger the following warning from ref_tracker_dir_exit() [1] To fix this, make sure that kernel sockets own a reference on net->passive. Add sk_net_refcnt_upgrade() helper, used whenever a kernel socket is converted to a refcounted one. [1] [ 136.263918][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at [ 136.263918][ T35] sk_alloc+0x2b3/0x370 [ 136.263918][ T35] inet6_create+0x6ce/0x10f0 [ 136.263918][ T35] __sock_create+0x4c0/0xa30 [ 136.263918][ T35] inet_ctl_sock_create+0xc2/0x250 [ 136.263918][ T35] igmp6_net_init+0x39/0x390 [ 136.263918][ T35] ops_init+0x31e/0x590 [ 136.263918][ T35] setup_net+0x287/0x9e0 [ 136.263918][ T35] copy_net_ns+0x33f/0x570 [ 136.263918][ T35] create_new_namespaces+0x425/0x7b0 [ 136.263918][ T35] unshare_nsproxy_namespaces+0x124/0x180 [ 136.263918][ T35] ksys_unshare+0x57d/0xa70 [ 136.263918][ T35] __x64_sys_unshare+0x38/0x40 [ 136.263918][ T35] do_syscall_64+0xf3/0x230 [ 136.263918][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.263918][ T35] [ 136.343488][ T35] ref_tracker: net notrefcnt@ffff8880638f01e0 has 1/2 users at [ 136.343488][ T35] sk_alloc+0x2b3/0x370 [ 136.343488][ T35] inet6_create+0x6ce/0x10f0 [ 136.343488][ T35] __sock_create+0x4c0/0xa30 [ 136.343488][ T35] inet_ctl_sock_create+0xc2/0x250 [ 136.343488][ T35] ndisc_net_init+0xa7/0x2b0 [ 136.343488][ T35] ops_init+0x31e/0x590 [ 136.343488][ T35] setup_net+0x287/0x9e0 [ 136.343488][ T35] copy_net_ns+0x33f/0x570 [ 136.343488][ T35] create_new_namespaces+0x425/0x7b0 [ 136.343488][ T35] unshare_nsproxy_namespaces+0x124/0x180 [ 136.343488][ T35] ksys_unshare+0x57d/0xa70 [ 136.343488][ T35] __x64_sys_unshare+0x38/0x40 [ 136.343488][ T35] do_syscall_64+0xf3/0x230 [ 136.343488][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2025-21884 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21884.html CVE-2025-21884 https://bugzilla.suse.com/1240171 SUSE Bug 1240171 In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last use to prevent use-after-free. BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 ovl_dentry_remote fs/overlayfs/util.c:162 [inline] ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 ovl_link_up fs/overlayfs/copy_up.c:610 [inline] ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170 ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223 ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136 vfs_rename+0xf84/0x20a0 fs/namei.c:4893 ... </TASK> CVE-2025-21887 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21887.html CVE-2025-21887 https://bugzilla.suse.com/1240176 SUSE Bug 1240176 In the Linux kernel, the following vulnerability has been resolved: perf/core: Add RCU read lock protection to perf_iterate_ctx() The perf_iterate_ctx() function performs RCU list traversal but currently lacks RCU read lock protection. This causes lockdep warnings when running perf probe with unshare(1) under CONFIG_PROVE_RCU_LIST=y: WARNING: suspicious RCU usage kernel/events/core.c:8168 RCU-list traversed in non-reader section!! Call Trace: lockdep_rcu_suspicious ? perf_event_addr_filters_apply perf_iterate_ctx perf_event_exec begin_new_exec ? load_elf_phdrs load_elf_binary ? lock_acquire ? find_held_lock ? bprm_execve bprm_execve do_execveat_common.isra.0 __x64_sys_execve do_syscall_64 entry_SYSCALL_64_after_hwframe This protection was previously present but was removed in commit bd2756811766 ("perf: Rewrite core context handling"). Add back the necessary rcu_read_lock()/rcu_read_unlock() pair around perf_iterate_ctx() call in perf_event_exec(). [ mingo: Use scoped_guard() as suggested by Peter ] CVE-2025-21889 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21889.html CVE-2025-21889 https://bugzilla.suse.com/1240167 SUSE Bug 1240167 In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC Actually ENETC VFs do not support HWTSTAMP_TX_ONESTEP_SYNC because only ENETC PF can access PMa_SINGLE_STEP registers. And there will be a crash if VFs are used to test one-step timestamp, the crash log as follows. [ 129.110909] Unable to handle kernel paging request at virtual address 00000000000080c0 [ 129.287769] Call trace: [ 129.290219] enetc_port_mac_wr+0x30/0xec (P) [ 129.294504] enetc_start_xmit+0xda4/0xe74 [ 129.298525] enetc_xmit+0x70/0xec [ 129.301848] dev_hard_start_xmit+0x98/0x118 CVE-2025-21894 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21894.html CVE-2025-21894 https://bugzilla.suse.com/1240581 SUSE Bug 1240581 In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list Syskaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, but not in the same order. The problem is that the order of pmu_ctx_list for the parent is impacted by the time when an event/PMU is added. While the order for a child is impacted by the event order in the pinned_groups and flexible_groups. So the order of pmu_ctx_list in the parent and child may be different. To fix this problem, insert the perf_event_pmu_context to its proper place after iteration of the pmu_ctx_list. The follow testcase can trigger above warning: # perf record -e cycles --call-graph lbr -- taskset -c 3 ./a.out & # perf stat -e cpu-clock,cs -p xxx // xxx is the pid of a.out test.c void main() { int count = 0; pid_t pid; printf("%d running\n", getpid()); sleep(30); printf("running\n"); pid = fork(); if (pid == -1) { printf("fork error\n"); return; } if (pid == 0) { while (1) { count++; } } else { while (1) { count++; } } } The testcase first opens an LBR event, so it will allocate task_ctx_data, and then open tracepoint and software events, so the parent context will have 3 different perf_event_pmu_contexts. On inheritance, child ctx will insert the perf_event_pmu_context in another order and the warning will trigger. [ mingo: Tidied up the changelog. ] CVE-2025-21895 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21895.html CVE-2025-21895 https://bugzilla.suse.com/1240585 SUSE Bug 1240585 In the Linux kernel, the following vulnerability has been resolved: caif_virtio: fix wrong pointer check in cfv_probe() del_vqs() frees virtqueues, therefore cfv->vq_tx pointer should be checked for NULL before calling it, not cfv->vdev. Also the current implementation is redundant because the pointer cfv->vdev is dereferenced before it is checked for NULL. Fix this by checking cfv->vq_tx for NULL instead of cfv->vdev before calling del_vqs(). CVE-2025-21904 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21904.html CVE-2025-21904 https://bugzilla.suse.com/1240576 SUSE Bug 1240576 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have. CVE-2025-21905 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21905.html CVE-2025-21905 https://bugzilla.suse.com/1240575 SUSE Bug 1240575 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished() here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path. If it started successfully before, it's already set, so that doesn't matter, and if it didn't start it needs to be set to clean up. Not doing so will lead to a WARN_ON() later on a fresh remain- on-channel, since the link is already active when activated as it was never deactivated. CVE-2025-21906 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21906.html CVE-2025-21906 https://bugzilla.suse.com/1240587 SUSE Bug 1240587 In the Linux kernel, the following vulnerability has been resolved: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback Add PF_KCOMPACTD flag and current_is_kcompactd() helper to check for it so nfs_release_folio() can skip calling nfs_wb_folio() from kcompactd. Otherwise NFS can deadlock waiting for kcompactd enduced writeback which recurses back to NFS (which triggers writeback to NFSD via NFS loopback mount on the same host, NFSD blocks waiting for XFS's call to __filemap_get_folio): 6070.550357] INFO: task kcompactd0:58 blocked for more than 4435 seconds. {--- [58] "kcompactd0" [<0>] folio_wait_bit+0xe8/0x200 [<0>] folio_wait_writeback+0x2b/0x80 [<0>] nfs_wb_folio+0x80/0x1b0 [nfs] [<0>] nfs_release_folio+0x68/0x130 [nfs] [<0>] split_huge_page_to_list_to_order+0x362/0x840 [<0>] migrate_pages_batch+0x43d/0xb90 [<0>] migrate_pages_sync+0x9a/0x240 [<0>] migrate_pages+0x93c/0x9f0 [<0>] compact_zone+0x8e2/0x1030 [<0>] compact_node+0xdb/0x120 [<0>] kcompactd+0x121/0x2e0 [<0>] kthread+0xcf/0x100 [<0>] ret_from_fork+0x31/0x40 [<0>] ret_from_fork_asm+0x1a/0x30 ---} [akpm@linux-foundation.org: fix build] CVE-2025-21908 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21908.html CVE-2025-21908 https://bugzilla.suse.com/1240600 SUSE Bug 1240600 In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. When the interface is then being deleted the kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing that bit. Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with other flags. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-21909 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21909.html CVE-2025-21909 https://bugzilla.suse.com/1240590 SUSE Bug 1240590 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue [1] that occurs when erroneous symbols sent from userspace get through into user_alpha2[] via regulatory_hint_user() call. Such invalid regulatory hints should be rejected. While a sanity check from commit 47caf685a685 ("cfg80211: regulatory: reject invalid hints") looks to be enough to deter these very cases, there is a way to get around it due to 2 reasons. 1) The way isalpha() works, symbols other than latin lower and upper letters may be used to determine a country/domain. For instance, greek letters will also be considered upper/lower letters and for such characters isalpha() will return true as well. However, ISO-3166-1 alpha2 codes should only hold latin characters. 2) While processing a user regulatory request, between reg_process_hint_user() and regulatory_hint_user() there happens to be a call to queue_regulatory_request() which modifies letters in request->alpha2[] with toupper(). This works fine for latin symbols, less so for weird letter characters from the second part of _ctype[]. Syzbot triggers a warning in is_user_regdom_saved() by first sending over an unexpected non-latin letter that gets malformed by toupper() into a character that ends up failing isalpha() check. Prevent this by enhancing is_an_alpha2() to ensure that incoming symbols are latin letters and nothing else. [1] Syzbot report: ------------[ cut here ]------------ Unexpected user alpha2: A� WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 is_user_regdom_saved net/wireless/reg.c:440 [inline] WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_alpha2 net/wireless/reg.c:3424 [inline] WARNING: CPU: 1 PID: 964 at net/wireless/reg.c:442 restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516 Modules linked in: CPU: 1 UID: 0 PID: 964 Comm: kworker/1:2 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_power_efficient crda_timeout_work RIP: 0010:is_user_regdom_saved net/wireless/reg.c:440 [inline] RIP: 0010:restore_alpha2 net/wireless/reg.c:3424 [inline] RIP: 0010:restore_regulatory_settings+0x3c0/0x1e50 net/wireless/reg.c:3516 ... Call Trace: <TASK> crda_timeout_work+0x27/0x50 net/wireless/reg.c:542 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> CVE-2025-21910 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21910.html CVE-2025-21910 https://bugzilla.suse.com/1240583 SUSE Bug 1240583 In the Linux kernel, the following vulnerability has been resolved: gpio: rcar: Use raw_spinlock to protect register access Use raw_spinlock in order to fix spurious messages about invalid context when spinlock debugging is enabled. The lock is only used to serialize register access. [ 4.239592] ============================= [ 4.239595] [ BUG: Invalid wait context ] [ 4.239599] 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 Not tainted [ 4.239603] ----------------------------- [ 4.239606] kworker/u8:5/76 is trying to lock: [ 4.239609] ffff0000091898a0 (&p->lock){....}-{3:3}, at: gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.239641] other info that might help us debug this: [ 4.239643] context-{5:5} [ 4.239646] 5 locks held by kworker/u8:5/76: [ 4.239651] #0: ffff0000080fb148 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x190/0x62c [ 4.250180] OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value. [ 4.254094] #1: ffff80008299bd80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x1b8/0x62c [ 4.254109] #2: ffff00000920c8f8 [ 4.258345] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'bitclock-master' with a value. [ 4.264803] (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x3c/0xdc [ 4.264820] #3: ffff00000a50ca40 (request_class#2){+.+.}-{4:4}, at: __setup_irq+0xa0/0x690 [ 4.264840] #4: [ 4.268872] OF: /soc/sound@ec500000/ports/port@1/endpoint: Read of boolean property 'frame-master' with a value. [ 4.273275] ffff00000a50c8c8 (lock_class){....}-{2:2}, at: __setup_irq+0xc4/0x690 [ 4.296130] renesas_sdhi_internal_dmac ee100000.mmc: mmc1 base at 0x00000000ee100000, max clock rate 200 MHz [ 4.304082] stack backtrace: [ 4.304086] CPU: 1 UID: 0 PID: 76 Comm: kworker/u8:5 Not tainted 6.13.0-rc7-arm64-renesas-05496-gd088502a519f #35 [ 4.304092] Hardware name: Renesas Salvator-X 2nd version board based on r8a77965 (DT) [ 4.304097] Workqueue: async async_run_entry_fn [ 4.304106] Call trace: [ 4.304110] show_stack+0x14/0x20 (C) [ 4.304122] dump_stack_lvl+0x6c/0x90 [ 4.304131] dump_stack+0x14/0x1c [ 4.304138] __lock_acquire+0xdfc/0x1584 [ 4.426274] lock_acquire+0x1c4/0x33c [ 4.429942] _raw_spin_lock_irqsave+0x5c/0x80 [ 4.434307] gpio_rcar_config_interrupt_input_mode+0x34/0x164 [ 4.440061] gpio_rcar_irq_set_type+0xd4/0xd8 [ 4.444422] __irq_set_trigger+0x5c/0x178 [ 4.448435] __setup_irq+0x2e4/0x690 [ 4.452012] request_threaded_irq+0xc4/0x190 [ 4.456285] devm_request_threaded_irq+0x7c/0xf4 [ 4.459398] ata1: link resume succeeded after 1 retries [ 4.460902] mmc_gpiod_request_cd_irq+0x68/0xe0 [ 4.470660] mmc_start_host+0x50/0xac [ 4.474327] mmc_add_host+0x80/0xe4 [ 4.477817] tmio_mmc_host_probe+0x2b0/0x440 [ 4.482094] renesas_sdhi_probe+0x488/0x6f4 [ 4.486281] renesas_sdhi_internal_dmac_probe+0x60/0x78 [ 4.491509] platform_probe+0x64/0xd8 [ 4.495178] really_probe+0xb8/0x2a8 [ 4.498756] __driver_probe_device+0x74/0x118 [ 4.503116] driver_probe_device+0x3c/0x154 [ 4.507303] __device_attach_driver+0xd4/0x160 [ 4.511750] bus_for_each_drv+0x84/0xe0 [ 4.515588] __device_attach_async_helper+0xb0/0xdc [ 4.520470] async_run_entry_fn+0x30/0xd8 [ 4.524481] process_one_work+0x210/0x62c [ 4.528494] worker_thread+0x1ac/0x340 [ 4.532245] kthread+0x10c/0x110 [ 4.535476] ret_from_fork+0x10/0x20 CVE-2025-21912 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21912.html CVE-2025-21912 https://bugzilla.suse.com/1240584 SUSE Bug 1240584 In the Linux kernel, the following vulnerability has been resolved: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() Xen doesn't offer MSR_FAM10H_MMIO_CONF_BASE to all guests. This results in the following warning: unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f (xen_do_read_msr+0x7f/0xa0) Call Trace: xen_read_msr+0x1e/0x30 amd_get_mmconfig_range+0x2b/0x80 quirk_amd_mmconfig_area+0x28/0x100 pnp_fixup_device+0x39/0x50 __pnp_add_device+0xf/0x150 pnp_add_device+0x3d/0x100 pnpacpi_add_device_handler+0x1f9/0x280 acpi_ns_get_device_callback+0x104/0x1c0 acpi_ns_walk_namespace+0x1d0/0x260 acpi_get_devices+0x8a/0xb0 pnpacpi_init+0x50/0x80 do_one_initcall+0x46/0x2e0 kernel_init_freeable+0x1da/0x2f0 kernel_init+0x16/0x1b0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 based on quirks for a "PNP0c01" device. Treating MMCFG as disabled is the right course of action, so no change is needed there. This was most likely exposed by fixing the Xen MSR accessors to not be silently-safe. CVE-2025-21913 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21913.html CVE-2025-21913 https://bugzilla.suse.com/1240591 SUSE Bug 1240591 In the Linux kernel, the following vulnerability has been resolved: slimbus: messaging: Free transaction ID in delayed interrupt scenario In case of interrupt delay for any reason, slim_do_transfer() returns timeout error but the transaction ID (TID) is not freed. This results into invalid memory access inside qcom_slim_ngd_rx_msgq_cb() due to invalid TID. Fix the issue by freeing the TID in slim_do_transfer() before returning timeout error to avoid invalid memory access. Call trace: __memcpy_fromio+0x20/0x190 qcom_slim_ngd_rx_msgq_cb+0x130/0x290 [slim_qcom_ngd_ctrl] vchan_complete+0x2a0/0x4a0 tasklet_action_common+0x274/0x700 tasklet_action+0x28/0x3c _stext+0x188/0x620 run_ksoftirqd+0x34/0x74 smpboot_thread_fn+0x1d8/0x464 kthread+0x178/0x238 ret_from_fork+0x10/0x20 Code: aa0003e8 91000429 f100044a 3940002b (3800150b) ---[ end trace 0fe00bec2b975c99 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt. CVE-2025-21914 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21914.html CVE-2025-21914 https://bugzilla.suse.com/1240595 SUSE Bug 1240595 In the Linux kernel, the following vulnerability has been resolved: cdx: Fix possible UAF error in driver_override_show() Fixed a possible UAF problem in driver_override_show() in drivers/cdx/cdx.c This function driver_override_show() is part of DEVICE_ATTR_RW, which includes both driver_override_show() and driver_override_store(). These functions can be executed concurrently in sysfs. The driver_override_store() function uses driver_set_override() to update the driver_override value, and driver_set_override() internally locks the device (device_lock(dev)). If driver_override_show() reads cdx_dev->driver_override without locking, it could potentially access a freed pointer if driver_override_store() frees the string concurrently. This could lead to printing a kernel address, which is a security risk since DEVICE_ATTR can be read by all users. Additionally, a similar pattern is used in drivers/amba/bus.c, as well as many other bus drivers, where device_lock() is taken in the show function, and it has been working without issues. This potential bug was detected by our experimental static analysis tool, which analyzes locking APIs and paired functions to identify data races and atomicity violations. CVE-2025-21915 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21915.html CVE-2025-21915 https://bugzilla.suse.com/1240594 SUSE Bug 1240594 In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")). While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types - one needs to check the endpoint's address as well. Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing. [1] Syzbot report: usb 5-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503 ... Call Trace: <TASK> cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline] cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396 really_probe+0x2b9/0xad0 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 ... CVE-2025-21916 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21916.html CVE-2025-21916 https://bugzilla.suse.com/1240582 SUSE Bug 1240582 In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Flush the notify_hotplug_work When performing continuous unbind/bind operations on the USB drivers available on the Renesas RZ/G2L SoC, a kernel crash with the message "Unable to handle kernel NULL pointer dereference at virtual address" may occur. This issue points to the usbhsc_notify_hotplug() function. Flush the delayed work to avoid its execution when driver resources are unavailable. CVE-2025-21917 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21917.html CVE-2025-21917 https://bugzilla.suse.com/1240596 SUSE Bug 1240596 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated workqueue to complete before deallocating them. CVE-2025-21918 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21918.html CVE-2025-21918 https://bugzilla.suse.com/1240592 SUSE Bug 1240592 In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, making the conversion invalid and potentially leading to memory corruption. Depending on the relative positions of leaf_cfs_rq_list and the task group (tg) pointer within the struct, this can cause a memory fault or access garbage data. The issue arises in list_add_leaf_cfs_rq, where both cfs_rq->leaf_cfs_rq_list and rq->leaf_cfs_rq_list are added to the same leaf list. Also, rq->tmp_alone_branch can be set to rq->leaf_cfs_rq_list. This adds a check `if (prev == &rq->leaf_cfs_rq_list)` after the main conditional in child_cfs_rq_on_list. This ensures that the container_of operation will convert a correct cfs_rq struct. This check is sufficient because only cfs_rqs on the same CPU are added to the list, so verifying the 'prev' pointer against the current rq's list head is enough. Fixes a potential memory corruption issue that due to current struct layout might not be manifesting as a crash but could lead to unpredictable behavior when the layout changes. CVE-2025-21919 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21919.html CVE-2025-21919 https://bugzilla.suse.com/1240593 SUSE Bug 1240593 In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught an "KMSAN: uninit-value" warning [1], which is caused by the ppp driver not initializing a 2-byte header when using socket filter. The following code can generate a PPP filter BPF program: ''' struct bpf_program fp; pcap_t *handle; handle = pcap_open_dead(DLT_PPP_PPPD, 65535); pcap_compile(handle, &fp, "ip and outbound", 0, 0); bpf_dump(&fp, 1); ''' Its output is: ''' (000) ldh [2] (001) jeq #0x21 jt 2 jf 5 (002) ldb [0] (003) jeq #0x1 jt 4 jf 5 (004) ret #65535 (005) ret #0 ''' Wen can find similar code at the following link: https://github.com/ppp-project/ppp/blob/master/pppd/options.c#L1680 The maintainer of this code repository is also the original maintainer of the ppp driver. As you can see the BPF program skips 2 bytes of data and then reads the 'Protocol' field to determine if it's an IP packet. Then it read the first byte of the first 2 bytes to determine the direction. The issue is that only the first byte indicating direction is initialized in current ppp driver code while the second byte is not initialized. For normal BPF programs generated by libpcap, uninitialized data won't be used, so it's not a problem. However, for carefully crafted BPF programs, such as those generated by syzkaller [2], which start reading from offset 0, the uninitialized data will be used and caught by KMSAN. [1] https://syzkaller.appspot.com/bug?extid=853242d9c9917165d791 [2] https://syzkaller.appspot.com/text?tag=ReproC&x=11994913980000 CVE-2025-21922 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21922.html CVE-2025-21922 https://bugzilla.suse.com/1240639 SUSE Bug 1240639 In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the client_hdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input device. Though the cleanup cancels the deferred work, this was done before the client_hdev itself is cleaned up, so it gets rescheduled. This patch fixes the ordering to make sure the deferred work is properly canceled. CVE-2025-21923 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21923.html CVE-2025-21923 https://bugzilla.suse.com/1240691 SUSE Bug 1240691 In the Linux kernel, the following vulnerability has been resolved: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error During the initialization of ptp, hclge_ptp_get_cycle might return an error and returned directly without unregister clock and free it. To avoid that, call hclge_ptp_destroy_clock to unregist and free clock if hclge_ptp_get_cycle failed. CVE-2025-21924 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21924.html CVE-2025-21924 https://bugzilla.suse.com/1240720 SUSE Bug 1240720 In the Linux kernel, the following vulnerability has been resolved: llc: do not use skb_get() before dev_queue_xmit() syzbot is able to crash hosts [1], using llc and devices not supporting IFF_TX_SKB_SHARING. In this case, e1000 driver calls eth_skb_pad(), while the skb is shared. Simply replace skb_get() by skb_clone() in net/llc/llc_s_ac.c Note that e1000 driver might have an issue with pktgen, because it does not clear IFF_TX_SKB_SHARING, this is an orthogonal change. We need to audit other skb_get() uses in net/llc. [1] kernel BUG at net/core/skbuff.c:2178 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 16371 Comm: syz.2.2764 Not tainted 6.14.0-rc4-syzkaller-00052-gac9c34d1e45a #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:pskb_expand_head+0x6ce/0x1240 net/core/skbuff.c:2178 Call Trace: <TASK> __skb_pad+0x18a/0x610 net/core/skbuff.c:2466 __skb_put_padto include/linux/skbuff.h:3843 [inline] skb_put_padto include/linux/skbuff.h:3862 [inline] eth_skb_pad include/linux/etherdevice.h:656 [inline] e1000_xmit_frame+0x2d99/0x5800 drivers/net/ethernet/intel/e1000/e1000_main.c:3128 __netdev_start_xmit include/linux/netdevice.h:5151 [inline] netdev_start_xmit include/linux/netdevice.h:5160 [inline] xmit_one net/core/dev.c:3806 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3822 sch_direct_xmit+0x1ae/0xc30 net/sched/sch_generic.c:343 __dev_xmit_skb net/core/dev.c:4045 [inline] __dev_queue_xmit+0x13d4/0x43e0 net/core/dev.c:4621 dev_queue_xmit include/linux/netdevice.h:3313 [inline] llc_sap_action_send_test_c+0x268/0x320 net/llc/llc_s_ac.c:144 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x239/0x510 net/llc/llc_sap.c:209 llc_ui_sendmsg+0xd0d/0x14e0 net/llc/af_llc.c:993 sock_sendmsg_nosec net/socket.c:718 [inline] CVE-2025-21925 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21925.html CVE-2025-21925 https://bugzilla.suse.com/1240713 SUSE Bug 1240713 In the Linux kernel, the following vulnerability has been resolved: net: gso: fix ownership in __udp_gso_segment In __udp_gso_segment the skb destructor is removed before segmenting the skb but the socket reference is kept as-is. This is an issue if the original skb is later orphaned as we can hit the following bug: kernel BUG at ./include/linux/skbuff.h:3312! (skb_orphan) RIP: 0010:ip_rcv_core+0x8b2/0xca0 Call Trace: ip_rcv+0xab/0x6e0 __netif_receive_skb_one_core+0x168/0x1b0 process_backlog+0x384/0x1100 __napi_poll.constprop.0+0xa1/0x370 net_rx_action+0x925/0xe50 The above can happen following a sequence of events when using OpenVSwitch, when an OVS_ACTION_ATTR_USERSPACE action precedes an OVS_ACTION_ATTR_OUTPUT action: 1. OVS_ACTION_ATTR_USERSPACE is handled (in do_execute_actions): the skb goes through queue_gso_packets and then __udp_gso_segment, where its destructor is removed. 2. The segments' data are copied and sent to userspace. 3. OVS_ACTION_ATTR_OUTPUT is handled (in do_execute_actions) and the same original skb is sent to its path. 4. If it later hits skb_orphan, we hit the bug. Fix this by also removing the reference to the socket in __udp_gso_segment. CVE-2025-21926 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21926.html CVE-2025-21926 https://bugzilla.suse.com/1240712 SUSE Bug 1240712 In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length. CVE-2025-21927 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21927.html CVE-2025-21927 https://bugzilla.suse.com/1240714 SUSE Bug 1240714 In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed. CVE-2025-21928 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21928.html CVE-2025-21928 https://bugzilla.suse.com/1240722 SUSE Bug 1240722 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't try to talk to a dead firmware This fixes: bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwl_trans_send_cmd+0xba/0xe0 [iwlwifi] Call Trace: <TASK> ? __warn+0xca/0x1c0 ? iwl_trans_send_cmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] iwl_fw_dbg_clear_monitor_buf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] _iwl_dbgfs_fw_dbg_clear_write+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a] Ask whether the firmware is alive before sending a command. CVE-2025-21930 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21930.html CVE-2025-21930 https://bugzilla.suse.com/1240715 SUSE Bug 1240715 In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- CVE-2025-21931 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21931.html CVE-2025-21931 https://bugzilla.suse.com/1240709 SUSE Bug 1240709 In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rio_add_net() fails rio_add_net() calls device_register() and fails when device_register() fails. Thus, put_device() should be used rather than kfree(). Add "mport->net = NULL;" to avoid a use after free issue. CVE-2025-21934 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21934.html CVE-2025-21934 https://bugzilla.suse.com/1240708 SUSE Bug 1240708 In the Linux kernel, the following vulnerability has been resolved: rapidio: add check for rio_add_net() in rio_scan_alloc_net() The return value of rio_add_net() should be checked. If it fails, put_device() should be called to free the memory and give up the reference initialized in rio_add_net(). CVE-2025-21935 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21935.html CVE-2025-21935 https://bugzilla.suse.com/1240700 SUSE Bug 1240700 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() Add check for the return value of mgmt_alloc_skb() in mgmt_device_connected() to prevent null pointer dereference. CVE-2025-21936 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21936.html CVE-2025-21936 https://bugzilla.suse.com/1240716 SUSE Bug 1240716 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() Add check for the return value of mgmt_alloc_skb() in mgmt_remote_name() to prevent null pointer dereference. CVE-2025-21937 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21937.html CVE-2025-21937 https://bugzilla.suse.com/1240643 SUSE Bug 1240643 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null before accessing. This prevents a null pointer dereference. Found by code review. (cherry picked from commit 63e6a77ccf239337baa9b1e7787cde9fa0462092) CVE-2025-21941 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21941.html CVE-2025-21941 https://bugzilla.suse.com/1240701 SUSE Bug 1240701 In the Linux kernel, the following vulnerability has been resolved: gpio: aggregator: protect driver attr handlers against module unload Both new_device_store and delete_device_store touch module global resources (e.g. gpio_aggregator_lock). To prevent race conditions with module unload, a reference needs to be held. Add try_module_get() in these handlers. For new_device_store, this eliminates what appears to be the most dangerous scenario: if an id is allocated from gpio_aggregator_idr but platform_device_register has not yet been called or completed, a concurrent module unload could fail to unregister/delete the device, leaving behind a dangling platform device/GPIO forwarder. This can result in various issues. The following simple reproducer demonstrates these problems: #!/bin/bash while :; do # note: whether 'gpiochip0 0' exists or not does not matter. echo 'gpiochip0 0' > /sys/bus/platform/drivers/gpio-aggregator/new_device done & while :; do modprobe gpio-aggregator modprobe -r gpio-aggregator done & wait Starting with the following warning, several kinds of warnings will appear and the system may become unstable: ------------[ cut here ]------------ list_del corruption, ffff888103e2e980->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 1 PID: 1327 at lib/list_debug.c:56 __list_del_entry_valid_or_report+0xa3/0x120 [...] RIP: 0010:__list_del_entry_valid_or_report+0xa3/0x120 [...] Call Trace: <TASK> ? __list_del_entry_valid_or_report+0xa3/0x120 ? __warn.cold+0x93/0xf2 ? __list_del_entry_valid_or_report+0xa3/0x120 ? report_bug+0xe6/0x170 ? __irq_work_queue_local+0x39/0xe0 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? __list_del_entry_valid_or_report+0xa3/0x120 gpiod_remove_lookup_table+0x22/0x60 new_device_store+0x315/0x350 [gpio_aggregator] kernfs_fop_write_iter+0x137/0x1f0 vfs_write+0x262/0x430 ksys_write+0x60/0xd0 do_syscall_64+0x6c/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e [...] </TASK> ---[ end trace 0000000000000000 ]--- CVE-2025-21943 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21943.html CVE-2025-21943 https://bugzilla.suse.com/1240647 SUSE Bug 1240647 In the Linux kernel, the following vulnerability has been resolved: HID: appleir: Fix potential NULL dereference at raw event handle Syzkaller reports a NULL pointer dereference issue in input_event(). BUG: KASAN: null-ptr-deref in instrument_atomic_read include/linux/instrumented.h:68 [inline] BUG: KASAN: null-ptr-deref in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] BUG: KASAN: null-ptr-deref in is_event_supported drivers/input/input.c:67 [inline] BUG: KASAN: null-ptr-deref in input_event+0x42/0xa0 drivers/input/input.c:395 Read of size 8 at addr 0000000000000028 by task syz-executor199/2949 CPU: 0 UID: 0 PID: 2949 Comm: syz-executor199 Not tainted 6.13.0-rc4-syzkaller-00076-gf097a36ef88d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 kasan_report+0xd9/0x110 mm/kasan/report.c:602 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 instrument_atomic_read include/linux/instrumented.h:68 [inline] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] is_event_supported drivers/input/input.c:67 [inline] input_event+0x42/0xa0 drivers/input/input.c:395 input_report_key include/linux/input.h:439 [inline] key_down drivers/hid/hid-appleir.c:159 [inline] appleir_raw_event+0x3e5/0x5e0 drivers/hid/hid-appleir.c:232 __hid_input_report.constprop.0+0x312/0x440 drivers/hid/hid-core.c:2111 hid_ctrl+0x49f/0x550 drivers/hid/usbhid/hid-core.c:484 __usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650 usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734 dummy_timer+0x17f7/0x3960 drivers/usb/gadget/udc/dummy_hcd.c:1993 __run_hrtimer kernel/time/hrtimer.c:1739 [inline] __hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1803 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1820 handle_softirqs+0x206/0x8d0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xfa/0x160 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1049 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 __mod_timer+0x8f6/0xdc0 kernel/time/timer.c:1185 add_timer+0x62/0x90 kernel/time/timer.c:1295 schedule_timeout+0x11f/0x280 kernel/time/sleep_timeout.c:98 usbhid_wait_io+0x1c7/0x380 drivers/hid/usbhid/hid-core.c:645 usbhid_init_reports+0x19f/0x390 drivers/hid/usbhid/hid-core.c:784 hiddev_ioctl+0x1133/0x15b0 drivers/hid/usbhid/hiddev.c:794 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl fs/ioctl.c:892 [inline] __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> This happens due to the malformed report items sent by the emulated device which results in a report, that has no fields, being added to the report list. Due to this appleir_input_configured() is never called, hidinput_connect() fails which results in the HID_CLAIMED_INPUT flag is not being set. However, it does not make appleir_probe() fail and lets the event callback to be called without the associated input device. Thus, add a check for the HID_CLAIMED_INPUT flag and leave the event hook early if the driver didn't claim any input_dev for some reason. Moreover, some other hid drivers accessing input_dev in their event callbacks do have similar checks, too. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-21948 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21948.html CVE-2025-21948 https://bugzilla.suse.com/1240703 SUSE Bug 1240703 In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl In the "pmcmd_ioctl" function, three memory objects allocated by kmalloc are initialized by "hcall_get_cpu_state", which are then copied to user space. The initializer is indeed implemented in "acrn_hypercall2" (arch/x86/include/asm/acrn.h). There is a risk of information leakage due to uninitialized bytes. CVE-2025-21950 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21950.html CVE-2025-21950 https://bugzilla.suse.com/1240719 SUSE Bug 1240719 In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock There are multiple places from where the recovery work gets scheduled asynchronously. Also, there are multiple places where the caller waits synchronously for the recovery to be completed. One such place is during the PM shutdown() callback. If the device is not alive during recovery_work, it will try to reset the device using pci_reset_function(). This function internally will take the device_lock() first before resetting the device. By this time, if the lock has already been acquired, then recovery_work will get stalled while waiting for the lock. And if the lock was already acquired by the caller which waits for the recovery_work to be completed, it will lead to deadlock. This is what happened on the X1E80100 CRD device when the device died before shutdown() callback. Driver core calls the driver's shutdown() callback while holding the device_lock() leading to deadlock. And this deadlock scenario can occur on other paths as well, like during the PM suspend() callback, where the driver core would hold the device_lock() before calling driver's suspend() callback. And if the recovery_work was already started, it could lead to deadlock. This is also observed on the X1E80100 CRD. So to fix both issues, use pci_try_reset_function() in recovery_work. This function first checks for the availability of the device_lock() before trying to reset the device. If the lock is available, it will acquire it and reset the device. Otherwise, it will return -EAGAIN. If that happens, recovery_work will fail with the error message "Recovery failed" as not much could be done. CVE-2025-21951 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21951.html CVE-2025-21951 https://bugzilla.suse.com/1240718 SUSE Bug 1240718 In the Linux kernel, the following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this mana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs pointer does not get reinitialized and ends up pointing to older, cleaned-up dentry. Further in the hibernation path, as part of power_down(), mana_gd_shutdown() is triggered. This call, unaware of the failures in resume, tries to cleanup the already cleaned up mana_port_debugfs value and hits the following bug: [ 191.359296] mana 7870:00:00.0: Shutdown was called [ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 191.360584] #PF: supervisor write access in kernel mode [ 191.361125] #PF: error_code(0x0002) - not-present page [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2 [ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246 [ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000 [ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098 [ 191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001 [ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000 [ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020 [ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000 [ 191.370213] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0 [ 191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 191.372906] Call Trace: [ 191.373262] <TASK> [ 191.373621] ? show_regs+0x64/0x70 [ 191.374040] ? __die+0x24/0x70 [ 191.374468] ? page_fault_oops+0x290/0x5b0 [ 191.374875] ? do_user_addr_fault+0x448/0x800 [ 191.375357] ? exc_page_fault+0x7a/0x160 [ 191.375971] ? asm_exc_page_fault+0x27/0x30 [ 191.376416] ? down_write+0x19/0x50 [ 191.376832] ? down_write+0x12/0x50 [ 191.377232] simple_recursive_removal+0x4a/0x2a0 [ 191.377679] ? __pfx_remove_one+0x10/0x10 [ 191.378088] debugfs_remove+0x44/0x70 [ 191.378530] mana_detach+0x17c/0x4f0 [ 191.378950] ? __flush_work+0x1e2/0x3b0 [ 191.379362] ? __cond_resched+0x1a/0x50 [ 191.379787] mana_remove+0xf2/0x1a0 [ 191.380193] mana_gd_shutdown+0x3b/0x70 [ 191.380642] pci_device_shutdown+0x3a/0x80 [ 191.381063] device_shutdown+0x13e/0x230 [ 191.381480] kernel_power_off+0x35/0x80 [ 191.381890] hibernate+0x3c6/0x470 [ 191.382312] state_store+0xcb/0xd0 [ 191.382734] kobj_attr_store+0x12/0x30 [ 191.383211] sysfs_kf_write+0x3e/0x50 [ 191.383640] kernfs_fop_write_iter+0x140/0x1d0 [ 191.384106] vfs_write+0x271/0x440 [ 191.384521] ksys_write+0x72/0xf0 [ 191.384924] __x64_sys_write+0x19/0x20 [ 191.385313] x64_sys_call+0x2b0/0x20b0 [ 191.385736] do_syscall_64+0x79/0x150 [ 191.386146] ? __mod_memcg_lruvec_state+0xe7/0x240 [ 191.386676] ? __lruvec_stat_mod_folio+0x79/0xb0 [ 191.387124] ? __pfx_lru_add+0x10/0x10 [ 191.387515] ? queued_spin_unlock+0x9/0x10 [ 191.387937] ? do_anonymous_page+0x33c/0xa00 [ 191.388374] ? __handle_mm_fault+0xcf3/0x1210 [ 191.388805] ? __count_memcg_events+0xbe/0x180 [ 191.389235] ? handle_mm_fault+0xae/0x300 [ 19 ---truncated--- CVE-2025-21953 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21953.html CVE-2025-21953 https://bugzilla.suse.com/1240727 SUSE Bug 1240727 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign normalized_pix_clk when color depth = 14 [WHY & HOW] A warning message "WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397 calculate_phy_pix_clks+0xef/0x100 [amdgpu]" occurs because the display_color_depth == COLOR_DEPTH_141414 is not handled. This is observed in Radeon RX 6600 XT. It is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests. Also fixes the indentation in get_norm_pix_clk. (cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775) CVE-2025-21956 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21956.html CVE-2025-21956 https://bugzilla.suse.com/1240739 SUSE Bug 1240739 In the Linux kernel, the following vulnerability has been resolved: scsi: qla1280: Fix kernel oops when debug level > 2 A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info. CVE-2025-21957 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21957.html CVE-2025-21957 https://bugzilla.suse.com/1240742 SUSE Bug 1240742 In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() The bnxt_rx_pkt() updates ip_summed value at the end if checksum offload is enabled. When the XDP-MB program is attached and it returns XDP_PASS, the bnxt_xdp_build_skb() is called to update skb_shared_info. The main purpose of bnxt_xdp_build_skb() is to update skb_shared_info, but it updates ip_summed value too if checksum offload is enabled. This is actually duplicate work. When the bnxt_rx_pkt() updates ip_summed value, it checks if ip_summed is CHECKSUM_NONE or not. It means that ip_summed should be CHECKSUM_NONE at this moment. But ip_summed may already be updated to CHECKSUM_UNNECESSARY in the XDP-MB-PASS path. So the by skb_checksum_none_assert() WARNS about it. This is duplicate work and updating ip_summed in the bnxt_xdp_build_skb() is not needed. Splat looks like: WARNING: CPU: 3 PID: 5782 at ./include/linux/skbuff.h:5155 bnxt_rx_pkt+0x479b/0x7610 [bnxt_en] Modules linked in: bnxt_re bnxt_en rdma_ucm rdma_cm iw_cm ib_cm ib_uverbs veth xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_] CPU: 3 UID: 0 PID: 5782 Comm: socat Tainted: G W 6.14.0-rc4+ #27 Tainted: [W]=WARN Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021 RIP: 0010:bnxt_rx_pkt+0x479b/0x7610 [bnxt_en] Code: 54 24 0c 4c 89 f1 4c 89 ff c1 ea 1f ff d3 0f 1f 00 49 89 c6 48 85 c0 0f 84 4c e5 ff ff 48 89 c7 e8 ca 3d a0 c8 e9 8f f4 ff ff <0f> 0b f RSP: 0018:ffff88881ba09928 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000c7590303 RCX: 0000000000000000 RDX: 1ffff1104e7d1610 RSI: 0000000000000001 RDI: ffff8881c91300b8 RBP: ffff88881ba09b28 R08: ffff888273e8b0d0 R09: ffff888273e8b070 R10: ffff888273e8b010 R11: ffff888278b0f000 R12: ffff888273e8b080 R13: ffff8881c9130e00 R14: ffff8881505d3800 R15: ffff888273e8b000 FS: 00007f5a2e7be080(0000) GS:ffff88881ba00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fff2e708ff8 CR3: 000000013e3b0000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <IRQ> ? __warn+0xcd/0x2f0 ? bnxt_rx_pkt+0x479b/0x7610 ? report_bug+0x326/0x3c0 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x14/0x50 ? asm_exc_invalid_op+0x16/0x20 ? bnxt_rx_pkt+0x479b/0x7610 ? bnxt_rx_pkt+0x3e41/0x7610 ? __pfx_bnxt_rx_pkt+0x10/0x10 ? napi_complete_done+0x2cf/0x7d0 __bnxt_poll_work+0x4e8/0x1220 ? __pfx___bnxt_poll_work+0x10/0x10 ? __pfx_mark_lock.part.0+0x10/0x10 bnxt_poll_p5+0x36a/0xfa0 ? __pfx_bnxt_poll_p5+0x10/0x10 __napi_poll.constprop.0+0xa0/0x440 net_rx_action+0x899/0xd00 ... Following ping.py patch adds xdp-mb-pass case. so ping.py is going to be able to reproduce this issue. CVE-2025-21960 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21960.html CVE-2025-21960 https://bugzilla.suse.com/1240815 SUSE Bug 1240815 In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix truesize for mb-xdp-pass case When mb-xdp is set and return is XDP_PASS, packet is converted from xdp_buff to sk_buff with xdp_update_skb_shared_info() in bnxt_xdp_build_skb(). bnxt_xdp_build_skb() passes incorrect truesize argument to xdp_update_skb_shared_info(). The truesize is calculated as BNXT_RX_PAGE_SIZE * sinfo->nr_frags but the skb_shared_info was wiped by napi_build_skb() before. So it stores sinfo->nr_frags before bnxt_xdp_build_skb() and use it instead of getting skb_shared_info from xdp_get_shared_info_from_buff(). Splat looks like: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 0 at net/core/skbuff.c:6072 skb_try_coalesce+0x504/0x590 Modules linked in: xt_nat xt_tcpudp veth af_packet xt_conntrack nft_chain_nat xt_MASQUERADE nf_conntrack_netlink xfrm_user xt_addrtype nft_coms CPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.14.0-rc2+ #3 RIP: 0010:skb_try_coalesce+0x504/0x590 Code: 4b fd ff ff 49 8b 34 24 40 80 e6 40 0f 84 3d fd ff ff 49 8b 74 24 48 40 f6 c6 01 0f 84 2e fd ff ff 48 8d 4e ff e9 25 fd ff ff <0f> 0b e99 RSP: 0018:ffffb62c4120caa8 EFLAGS: 00010287 RAX: 0000000000000003 RBX: ffffb62c4120cb14 RCX: 0000000000000ec0 RDX: 0000000000001000 RSI: ffffa06e5d7dc000 RDI: 0000000000000003 RBP: ffffa06e5d7ddec0 R08: ffffa06e6120a800 R09: ffffa06e7a119900 R10: 0000000000002310 R11: ffffa06e5d7dcec0 R12: ffffe4360575f740 R13: ffffe43600000000 R14: 0000000000000002 R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffffa0755f700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f147b76b0f8 CR3: 00000001615d4000 CR4: 00000000007506f0 PKRU: 55555554 Call Trace: <IRQ> ? __warn+0x84/0x130 ? skb_try_coalesce+0x504/0x590 ? report_bug+0x18a/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? skb_try_coalesce+0x504/0x590 inet_frag_reasm_finish+0x11f/0x2e0 ip_defrag+0x37a/0x900 ip_local_deliver+0x51/0x120 ip_sublist_rcv_finish+0x64/0x70 ip_sublist_rcv+0x179/0x210 ip_list_rcv+0xf9/0x130 How to reproduce: <Node A> ip link set $interface1 xdp obj xdp_pass.o ip link set $interface1 mtu 9000 up ip a a 10.0.0.1/24 dev $interface1 <Node B> ip link set $interfac2 mtu 9000 up ip a a 10.0.0.2/24 dev $interface2 ping 10.0.0.1 -s 65000 Following ping.py patch adds xdp-mb-pass case. so ping.py is going to be able to reproduce this issue. CVE-2025-21961 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21961.html CVE-2025-21961 https://bugzilla.suse.com/1240816 SUSE Bug 1240816 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-21962 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21962.html CVE-2025-21962 https://bugzilla.suse.com/1240655 SUSE Bug 1240655 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-21963 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21963.html CVE-2025-21963 https://bugzilla.suse.com/1240717 SUSE Bug 1240717 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies which can lead to an integer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-21964 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21964.html CVE-2025-21964 https://bugzilla.suse.com/1240740 SUSE Bug 1240740 In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init CVE-2025-21966 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21966.html CVE-2025-21966 https://bugzilla.suse.com/1240779 SUSE Bug 1240779 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free on hdcp_work [Why] A slab-use-after-free is reported when HDCP is destroyed but the property_validate_dwork queue is still running. [How] Cancel the delayed work when destroying workqueue. (cherry picked from commit 725a04ba5a95e89c89633d4322430cfbca7ce128) CVE-2025-21968 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21968.html CVE-2025-21968 https://bugzilla.suse.com/1240783 SUSE Bug 1240783 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper layer. Add hci dev lock to the hci receive data work queue to synchronize the two. [1] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 Read of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837 CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: hci1 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline] l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline] l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline] l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817 hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline] hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 5837: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860 l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239 hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline] hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726 hci_event_func net/bluetooth/hci_event.c:7473 [inline] hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525 hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 54: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2353 [inline] slab_free mm/slub.c:4613 [inline] kfree+0x196/0x430 mm/slub.c:4761 l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235 hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline] hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266 hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr ---truncated--- CVE-2025-21969 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21969.html CVE-2025-21969 https://bugzilla.suse.com/1240784 SUSE Bug 1240784 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Bridge, fix the crash caused by LAG state check When removing LAG device from bridge, NETDEV_CHANGEUPPER event is triggered. Driver finds the lower devices (PFs) to flush all the offloaded entries. And mlx5_lag_is_shared_fdb is checked, it returns false if one of PF is unloaded. In such case, mlx5_esw_bridge_lag_rep_get() and its caller return NULL, instead of the alive PF, and the flush is skipped. Besides, the bridge fdb entry's lastuse is updated in mlx5 bridge event handler. But this SWITCHDEV_FDB_ADD_TO_BRIDGE event can be ignored in this case because the upper interface for bond is deleted, and the entry will never be aged because lastuse is never updated. To make things worse, as the entry is alive, mlx5 bridge workqueue keeps sending that event, which is then handled by kernel bridge notifier. It causes the following crash when accessing the passed bond netdev which is already destroyed. To fix this issue, remove such checks. LAG state is already checked in commit 15f8f168952f ("net/mlx5: Bridge, verify LAG state when adding bond to bridge"), driver still need to skip offload if LAG becomes invalid state after initialization. Oops: stack segment: 0000 [#1] SMP CPU: 3 UID: 0 PID: 23695 Comm: kworker/u40:3 Tainted: G OE 6.11.0_mlnx #1 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5_bridge_wq mlx5_esw_bridge_update_work [mlx5_core] RIP: 0010:br_switchdev_event+0x2c/0x110 [bridge] Code: 44 00 00 48 8b 02 48 f7 00 00 02 00 00 74 69 41 54 55 53 48 83 ec 08 48 8b a8 08 01 00 00 48 85 ed 74 4a 48 83 fe 02 48 89 d3 <4c> 8b 65 00 74 23 76 49 48 83 fe 05 74 7e 48 83 fe 06 75 2f 0f b7 RSP: 0018:ffffc900092cfda0 EFLAGS: 00010297 RAX: ffff888123bfe000 RBX: ffffc900092cfe08 RCX: 00000000ffffffff RDX: ffffc900092cfe08 RSI: 0000000000000001 RDI: ffffffffa0c585f0 RBP: 6669746f6e690a30 R08: 0000000000000000 R09: ffff888123ae92c8 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888123ae9c60 R13: 0000000000000001 R14: ffffc900092cfe08 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88852c980000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f15914c8734 CR3: 0000000002830005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? die+0x38/0x60 ? do_trap+0x10b/0x120 ? do_error_trap+0x64/0xa0 ? exc_stack_segment+0x33/0x50 ? asm_exc_stack_segment+0x22/0x30 ? br_switchdev_event+0x2c/0x110 [bridge] ? sched_balance_newidle.isra.149+0x248/0x390 notifier_call_chain+0x4b/0xa0 atomic_notifier_call_chain+0x16/0x20 mlx5_esw_bridge_update+0xec/0x170 [mlx5_core] mlx5_esw_bridge_update_work+0x19/0x40 [mlx5_core] process_scheduled_works+0x81/0x390 worker_thread+0x106/0x250 ? bh_worker+0x110/0x110 kthread+0xb7/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 </TASK> CVE-2025-21970 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21970.html CVE-2025-21970 https://bugzilla.suse.com/1240819 SUSE Bug 1240819 In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal. CVE-2025-21971 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21971.html CVE-2025-21971 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 In the Linux kernel, the following vulnerability has been resolved: net: mctp: unshare packets when reassembling Ensure that the frag_list used for reassembly isn't shared with other packets. This avoids incorrect reassembly when packets are cloned, and prevents a memory leak due to circular references between fragments and their skb_shared_info. The upcoming MCTP-over-USB driver uses skb_clone which can trigger the problem - other MCTP drivers don't share SKBs. A kunit test is added to reproduce the issue. CVE-2025-21972 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21972.html CVE-2025-21972 https://bugzilla.suse.com/1240813 SUSE Bug 1240813 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: handle errors in mlx5_chains_create_table() In mlx5_chains_create_table(), the return value of mlx5_get_fdb_sub_ns() and mlx5_get_flow_namespace() must be checked to prevent NULL pointer dereferences. If either function fails, the function should log error message with mlx5_core_warn() and return error pointer. CVE-2025-21975 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21975.html CVE-2025-21975 https://bugzilla.suse.com/1240812 SUSE Bug 1240812 In the Linux kernel, the following vulnerability has been resolved: drm/hyperv: Fix address space leak when Hyper-V DRM device is removed When a Hyper-V DRM device is probed, the driver allocates MMIO space for the vram, and maps it cacheable. If the device removed, or in the error path for device probing, the MMIO space is released but no unmap is done. Consequently the kernel address space for the mapping is leaked. Fix this by adding iounmap() calls in the device removal path, and in the error path during device probing. CVE-2025-21978 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21978.html CVE-2025-21978 https://bugzilla.suse.com/1240806 SUSE Bug 1240806 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is getting queued. If wiphy_free is called before the rdev::wiphy_work had a chance to run, the wiphy memory will be freed, and then when it eventally gets to run it'll use invalid memory. Fix this by canceling the work before freeing the wiphy. CVE-2025-21979 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21979.html CVE-2025-21979 https://bugzilla.suse.com/1240808 SUSE Bug 1240808 In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the code follows the error handling path, invoking gred_destroy. This, in turn, calls gred_offload, where memset could receive a NULL pointer as input, potentially leading to a kernel crash. When table->opt is NULL in gred_init(), gred_change_table_def() is not called yet, so it is not necessary to call ->ndo_setup_tc() in gred_offload(). CVE-2025-21980 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21980.html CVE-2025-21980 https://bugzilla.suse.com/1240809 SUSE Bug 1240809 In the Linux kernel, the following vulnerability has been resolved: ice: fix memory leak in aRFS after reset Fix aRFS (accelerated Receive Flow Steering) structures memory leak by adding a checker to verify if aRFS memory is already allocated while configuring VSI. aRFS objects are allocated in two cases: - as part of VSI initialization (at probe), and - as part of reset handling However, VSI reconfiguration executed during reset involves memory allocation one more time, without prior releasing already allocated resources. This led to the memory leak with the following signature: [root@os-delivery ~]# cat /sys/kernel/debug/kmemleak unreferenced object 0xff3c1ca7252e6000 (size 8192): comm "kworker/0:0", pid 8, jiffies 4296833052 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): [<ffffffff991ec485>] __kmalloc_cache_noprof+0x275/0x340 [<ffffffffc0a6e06a>] ice_init_arfs+0x3a/0xe0 [ice] [<ffffffffc09f1027>] ice_vsi_cfg_def+0x607/0x850 [ice] [<ffffffffc09f244b>] ice_vsi_setup+0x5b/0x130 [ice] [<ffffffffc09c2131>] ice_init+0x1c1/0x460 [ice] [<ffffffffc09c64af>] ice_probe+0x2af/0x520 [ice] [<ffffffff994fbcd3>] local_pci_probe+0x43/0xa0 [<ffffffff98f07103>] work_for_cpu_fn+0x13/0x20 [<ffffffff98f0b6d9>] process_one_work+0x179/0x390 [<ffffffff98f0c1e9>] worker_thread+0x239/0x340 [<ffffffff98f14abc>] kthread+0xcc/0x100 [<ffffffff98e45a6d>] ret_from_fork+0x2d/0x50 [<ffffffff98e083ba>] ret_from_fork_asm+0x1a/0x30 ... CVE-2025-21981 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21981.html CVE-2025-21981 https://bugzilla.suse.com/1240612 SUSE Bug 1240612 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bound accesses [WHAT & HOW] hpo_stream_to_link_encoder_mapping has size MAX_HPO_DP2_ENCODERS(=4), but location can have size up to 6. As a result, it is necessary to check location against MAX_HPO_DP2_ENCODERS. Similiarly, disp_cfg_stream_location can be used as an array index which should be 0..5, so the ASSERT's conditions should be less without equal. CVE-2025-21985 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21985.html CVE-2025-21985 https://bugzilla.suse.com/1240811 SUSE Bug 1240811 In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask. According to Documentation/admin-guide/mm/numaperf.rst: "Some memory may share the same node as a CPU, and others are provided as memory only nodes." Therefore, some node CPU masks may be empty and wouldn't have a "first CPU". On a machine with far memory (and therefore CPU-less NUMA nodes): - cpumask_of_node(nid) is 0 - cpumask_first(0) is CONFIG_NR_CPUS - cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an index that is 1 out of bounds This does not have any security implications since flashing microcode is a privileged operation but I believe this has reliability implications by potentially corrupting memory while flashing a microcode update. When booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes a microcode update. I get the following splat: UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y index 512 is out of range for type 'unsigned long[512]' [...] Call Trace: dump_stack __ubsan_handle_out_of_bounds load_microcode_amd request_microcode_amd reload_store kernfs_fop_write_iter vfs_write ksys_write do_syscall_64 entry_SYSCALL_64_after_hwframe Change the loop to go over only NUMA nodes which have CPUs before determining whether the first CPU on the respective node needs microcode update. [ bp: Massage commit message, fix typo. ] CVE-2025-21991 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21991.html CVE-2025-21991 https://bugzilla.suse.com/1240795 SUSE Bug 1240795 In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access this non-functional sensor via iio_info causes system hangs as runtime PM tries to wake up an unresponsive sensor. [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff Add this device to the HID ignore list since the sensor interface is non-functional by design and should not be exposed to userspace. CVE-2025-21992 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21992.html CVE-2025-21992 https://bugzilla.suse.com/1240796 SUSE Bug 1240796 In the Linux kernel, the following vulnerability has been resolved: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() When performing an iSCSI boot using IPv6, iscsistart still reads the /sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix length is 64, this causes the shift exponent to become negative, triggering a UBSAN warning. As the concept of a subnet mask does not apply to IPv6, the value is set to ~0 to suppress the warning message. CVE-2025-21993 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21993.html CVE-2025-21993 https://bugzilla.suse.com/1240797 SUSE Bug 1240797 In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The last_scheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dma_fence_add_callback() fails, ensuring proper balance. [phasta: add git tag info for stable kernel] CVE-2025-21995 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21995.html CVE-2025-21995 https://bugzilla.suse.com/1240821 SUSE Bug 1240821 In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() is weirdly crafted and first command to execute is to encode (case 0x03000001), the function in question will attempt to call radeon_vce_cs_reloc() with size argument that has not been properly initialized. Specifically, 'size' will point to 'tmp' variable before the latter had a chance to be assigned any value. Play it safe and init 'tmp' with 0, thus ensuring that radeon_vce_cs_reloc() will catch an early error in cases like these. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. (cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68) CVE-2025-21996 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21996.html CVE-2025-21996 https://bugzilla.suse.com/1240801 SUSE Bug 1240801 In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. use_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops never changes so information necessary for inode instantiation can be saved _before_ proc_register() in PDE itself and used later, avoiding pde->proc_ops->... dereference. rmmod lookup sys_delete_module proc_lookup_de pde_get(de); proc_get_inode(dir->i_sb, de); mod->exit() proc_remove remove_proc_subtree proc_entry_rundown(de); free_module(mod); if (S_ISREG(inode->i_mode)) if (de->proc_ops->proc_read_iter) --> As module is already freed, will trigger UAF BUG: unable to handle page fault for address: fffffbfff80a702b PGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:proc_get_inode+0x302/0x6e0 RSP: 0018:ffff88811c837998 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007 RDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158 RBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20 R10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0 R13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001 FS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_lookup_de+0x11f/0x2e0 __lookup_slow+0x188/0x350 walk_component+0x2ab/0x4f0 path_lookupat+0x120/0x660 filename_lookup+0x1ce/0x560 vfs_statx+0xac/0x150 __do_sys_newstat+0x96/0x110 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e [adobriyan@gmail.com: don't do 2 atomic ops on the common path] CVE-2025-21999 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-21999.html CVE-2025-21999 https://bugzilla.suse.com/1240802 SUSE Bug 1240802 https://bugzilla.suse.com/1242579 SUSE Bug 1242579 In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug. CVE-2025-22001 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22001.html CVE-2025-22001 https://bugzilla.suse.com/1240873 SUSE Bug 1240873 In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy() source Commit 7fdaf8966aae ("can: ucan: use strscpy() to instead of strncpy()") unintentionally introduced a one byte out of bound read on strscpy()'s source argument (which is kind of ironic knowing that strscpy() is meant to be a more secure alternative :)). Let's consider below buffers: dest[len + 1]; /* will be NUL terminated */ src[len]; /* may not be NUL terminated */ When doing: strncpy(dest, src, len); dest[len] = '\0'; strncpy() will read up to len bytes from src. On the other hand: strscpy(dest, src, len + 1); will read up to len + 1 bytes from src, that is to say, an out of bound read of one byte will occur on src if it is not NUL terminated. Note that the src[len] byte is never copied, but strscpy() still needs to read it to check whether a truncation occurred or not. This exact pattern happened in ucan. The root cause is that the source is not NUL terminated. Instead of doing a copy in a local buffer, directly NUL terminate it as soon as usb_control_msg() returns. With this, the local firmware_str[] variable can be removed. On top of this do a couple refactors: - ucan_ctl_payload->raw is only used for the firmware string, so rename it to ucan_ctl_payload->fw_str and change its type from u8 to char. - ucan_device_request_in() is only used to retrieve the firmware string, so rename it to ucan_get_fw_str() and refactor it to make it directly handle all the string termination logic. CVE-2025-22003 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22003.html CVE-2025-22003 https://bugzilla.suse.com/1240825 SUSE Bug 1240825 In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. CVE-2025-22004 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22004.html CVE-2025-22004 https://bugzilla.suse.com/1240835 SUSE Bug 1240835 https://bugzilla.suse.com/1241090 SUSE Bug 1241090 In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git. CVE-2025-22005 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22005.html CVE-2025-22005 https://bugzilla.suse.com/1240866 SUSE Bug 1240866 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix error code in chan_alloc_skb_cb() The chan_alloc_skb_cb() function is supposed to return error pointers on error. Returning NULL will lead to a NULL dereference. CVE-2025-22007 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22007.html CVE-2025-22007 https://bugzilla.suse.com/1240829 SUSE Bug 1240829 In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it. CVE-2025-22008 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22008.html CVE-2025-22008 https://bugzilla.suse.com/1240942 SUSE Bug 1240942 In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get() with the following call stack: anatop_regulator_probe() devm_regulator_register() regulator_register() regulator_resolve_supply() kobject_get() By placing some extra BUG_ON() statements I could verify that this is raised because probing of the 'dummy' regulator driver is not completed ('dummy_regulator_rdev' is still NULL). In the JTAG debugger I can see that dummy_regulator_probe() and anatop_regulator_probe() can be run by different kernel threads (kworker/u4:*). I haven't further investigated whether this can be changed or if there are other possibilities to force synchronization between these two probe routines. On the other hand I don't expect much boot time penalty by probing the 'dummy' regulator synchronously. CVE-2025-22009 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22009.html CVE-2025-22009 https://bugzilla.suse.com/1240940 SUSE Bug 1240940 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated, it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bc Add a cond_resched() to fix soft lockup during these loops. In order not to affect the allocation performance of normal-size buffer, set the loop count of a 100GB MR as the threshold to call cond_resched(). CVE-2025-22010 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22010.html CVE-2025-22010 https://bugzilla.suse.com/1240943 SUSE Bug 1240943 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: * Host SVE being discarded unexpectedly due to inconsistent configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to result in QEMU crashes where SVE is used by memmove(), as reported by Eric Auger: https://issues.redhat.com/browse/RHEL-68997 * Host SVE state is discarded *after* modification by ptrace, which was an unintentional ptrace ABI change introduced with lazy discarding of SVE state. * The host FPMR value can be discarded when running a non-protected VM, where FPMR support is not exposed to a VM, and that VM uses FPSIMD/SVE. In these cases the hyp code does not save the host's FPMR before unbinding the host's FPSIMD/SVE/SME state, leaving a stale value in memory. Avoid these by eagerly saving and "flushing" the host's FPSIMD/SVE/SME state when loading a vCPU such that KVM does not need to save any of the host's FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is removed and the necessary call to fpsimd_save_and_flush_cpu_state() is placed in kvm_arch_vcpu_load_fp(). As 'fpsimd_state' and 'fpmr_ptr' should not be used, they are set to NULL; all uses of these will be removed in subsequent patches. Historical problems go back at least as far as v5.17, e.g. erroneous assumptions about TIF_SVE being clear in commit: 8383741ab2e773a9 ("KVM: arm64: Get rid of host SVE tracking/saving") ... and so this eager save+flush probably needs to be backported to ALL stable trees. CVE-2025-22013 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22013.html CVE-2025-22013 https://bugzilla.suse.com/1240938 SUSE Bug 1240938 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: Fix the potential deadlock When some client process A call pdr_add_lookup() to add the look up for the service and does schedule locator work, later a process B got a new server packet indicating locator is up and call pdr_locator_new_server() which eventually sets pdr->locator_init_complete to true which process A sees and takes list lock and queries domain list but it will timeout due to deadlock as the response will queued to the same qmi->wq and it is ordered workqueue and process B is not able to complete new server request work due to deadlock on list lock. Fix it by removing the unnecessary list iteration as the list iteration is already being done inside locator work, so avoid it here and just call schedule_work() here. Process A Process B process_scheduled_works() pdr_add_lookup() qmi_data_ready_work() process_scheduled_works() pdr_locator_new_server() pdr->locator_init_complete=true; pdr_locator_work() mutex_lock(&pdr->list_lock); pdr_locate_service() mutex_lock(&pdr->list_lock); pdr_get_domain_list() pr_err("PDR: %s get domain list txn wait failed: %d\n", req->service_name, ret); Timeout error log due to deadlock: " PDR: tms/servreg get domain list txn wait failed: -110 PDR: service lookup for msm/adsp/sensor_pd:tms/servreg failed: -110 " Thanks to Bjorn and Johan for letting me know that this commit also fixes an audio regression when using the in-kernel pd-mapper as that makes it easier to hit this race. [1] CVE-2025-22014 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22014.html CVE-2025-22014 https://bugzilla.suse.com/1240937 SUSE Bug 1240937 In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. CVE-2025-22015 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22015.html CVE-2025-22015 https://bugzilla.suse.com/1240944 SUSE Bug 1240944 In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (pin). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre. CVE-2025-22016 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22016.html CVE-2025-22016 https://bugzilla.suse.com/1240934 SUSE Bug 1240934 In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can lead to dereference not allocated pointer (rel). Fix it by checking if err is lower than zero. This wasn't found in real usecase, only noticed. Credit to Pierre. CVE-2025-22017 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22017.html CVE-2025-22017 https://bugzilla.suse.com/1240936 SUSE Bug 1240936 In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situation where entry is NULL and holding_time exists, it can be passed when both entry and holding_time are NULL. If these are NULL, the entry will be passd to eg_cache_put() as parameter and it is referenced by entry->use code in it. kasan log: [ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I [ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102 [ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470 [ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80 [ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006 [ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e [ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030 [ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88 [ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15 [ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068 [ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000 [ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0 [ 3.326430] Call Trace: [ 3.326725] <TASK> [ 3.326927] ? die_addr+0x3c/0xa0 [ 3.327330] ? exc_general_protection+0x161/0x2a0 [ 3.327662] ? asm_exc_general_protection+0x26/0x30 [ 3.328214] ? vprintk_emit+0x15e/0x420 [ 3.328543] ? eg_cache_remove_entry+0xa5/0x470 [ 3.328910] ? eg_cache_remove_entry+0x9a/0x470 [ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10 [ 3.329664] ? console_unlock+0x107/0x1d0 [ 3.329946] ? __pfx_console_unlock+0x10/0x10 [ 3.330283] ? do_syscall_64+0xa6/0x1a0 [ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f [ 3.331090] ? __pfx_prb_read_valid+0x10/0x10 [ 3.331395] ? down_trylock+0x52/0x80 [ 3.331703] ? vprintk_emit+0x15e/0x420 [ 3.331986] ? __pfx_vprintk_emit+0x10/0x10 [ 3.332279] ? down_trylock+0x52/0x80 [ 3.332527] ? _printk+0xbf/0x100 [ 3.332762] ? __pfx__printk+0x10/0x10 [ 3.333007] ? _raw_write_lock_irq+0x81/0xe0 [ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10 [ 3.333614] msg_from_mpoad+0x1185/0x2750 [ 3.333893] ? __build_skb_around+0x27b/0x3a0 [ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10 [ 3.334501] ? __alloc_skb+0x1c0/0x310 [ 3.334809] ? __pfx___alloc_skb+0x10/0x10 [ 3.335283] ? _raw_spin_lock+0xe0/0xe0 [ 3.335632] ? finish_wait+0x8d/0x1e0 [ 3.335975] vcc_sendmsg+0x684/0xba0 [ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10 [ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10 [ 3.337056] ? fdget+0x176/0x3e0 [ 3.337348] __sys_sendto+0x4a2/0x510 [ 3.337663] ? __pfx___sys_sendto+0x10/0x10 [ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400 [ 3.338364] ? sock_ioctl+0x1bb/0x5a0 [ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20 [ 3.339017] ? __pfx_sock_ioctl+0x10/0x10 [ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 3.339727] ? selinux_file_ioctl+0xa4/0x260 [ 3.340166] __x64_sys_sendto+0xe0/0x1c0 [ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140 [ 3.340898] do_syscall_64+0xa6/0x1a0 [ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3.341533] RIP: 0033:0x44a380 [ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00 [ ---truncated--- CVE-2025-22018 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22018.html CVE-2025-22018 https://bugzilla.suse.com/1241266 SUSE Bug 1241266 In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024 Workqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms] Call Trace: <TASK> dump_stack_lvl+0x51/0x70 print_address_description.constprop.0+0x27/0x320 ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] print_report+0x3e/0x70 kasan_report+0xab/0xe0 ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms] ? __pfx___schedule+0x10/0x10 ? kick_pool+0x3b/0x270 process_one_work+0x357/0x660 worker_thread+0x390/0x4c0 ? __pfx_worker_thread+0x10/0x10 kthread+0x190/0x1d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 161446: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0x7b/0x90 __kmalloc_noprof+0x1a7/0x470 memstick_alloc_host+0x1f/0xe0 [memstick] rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms] platform_probe+0x60/0xe0 call_driver_probe+0x35/0x120 really_probe+0x123/0x410 __driver_probe_device+0xc7/0x1e0 driver_probe_device+0x49/0xf0 __device_attach_driver+0xc6/0x160 bus_for_each_drv+0xe4/0x160 __device_attach+0x13a/0x2b0 bus_probe_device+0xbd/0xd0 device_add+0x4a5/0x760 platform_device_add+0x189/0x370 mfd_add_device+0x587/0x5e0 mfd_add_devices+0xb1/0x130 rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb] usb_probe_interface+0x15c/0x460 call_driver_probe+0x35/0x120 really_probe+0x123/0x410 __driver_probe_device+0xc7/0x1e0 driver_probe_device+0x49/0xf0 __device_attach_driver+0xc6/0x160 bus_for_each_drv+0xe4/0x160 __device_attach+0x13a/0x2b0 rebind_marked_interfaces.isra.0+0xcc/0x110 usb_reset_device+0x352/0x410 usbdev_do_ioctl+0xe5c/0x1860 usbdev_ioctl+0xa/0x20 __x64_sys_ioctl+0xc5/0xf0 do_syscall_64+0x59/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 161506: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x36/0x60 __kasan_slab_free+0x34/0x50 kfree+0x1fd/0x3b0 device_release+0x56/0xf0 kobject_cleanup+0x73/0x1c0 rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms] platform_remove+0x2f/0x50 device_release_driver_internal+0x24b/0x2e0 bus_remove_device+0x124/0x1d0 device_del+0x239/0x530 platform_device_del.part.0+0x19/0xe0 platform_device_unregister+0x1c/0x40 mfd_remove_devices_fn+0x167/0x170 device_for_each_child_reverse+0xc9/0x130 mfd_remove_devices+0x6e/0xa0 rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb] usb_unbind_interface+0xf3/0x3f0 device_release_driver_internal+0x24b/0x2e0 proc_disconnect_claim+0x13d/0x220 usbdev_do_ioctl+0xb5e/0x1860 usbdev_ioctl+0xa/0x20 __x64_sys_ioctl+0xc5/0xf0 do_syscall_64+0x59/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Last potentially related work creation: kasan_save_stack+0x20/0x40 kasan_record_aux_stack+0x85/0x90 insert_work+0x29/0x100 __queue_work+0x34a/0x540 call_timer_fn+0x2a/0x160 expire_timers+0x5f/0x1f0 __run_timer_base.part.0+0x1b6/0x1e0 run_timer_softirq+0x8b/0xe0 handle_softirqs+0xf9/0x360 __irq_exit_rcu+0x114/0x130 sysvec_apic_timer_interrupt+0x72/0x90 asm_sysvec_apic_timer_interrupt+0x16/0x20 Second to last potentially related work creation: kasan_save_stack+0x20/0x40 kasan_record_aux_stack+0x85/0x90 insert_work+0x29/0x100 __queue_work+0x34a/0x540 call_timer_fn+0x2a/0x160 expire_timers+0x5f/0x1f0 __run_timer_base.part.0+0x1b6/0x1e0 run_timer_softirq+0x8b/0xe0 handle_softirqs+0xf9/0x ---truncated--- CVE-2025-22020 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22020.html CVE-2025-22020 https://bugzilla.suse.com/1241280 SUSE Bug 1241280 In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match() can correctly check whether the socket was transparent. However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this conntrack lookup, making xt_socket fail to match on the socket when the packet was SNATed. Add the same logic to nf_sk_lookup_slow_v6. IPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as pods' addresses are in the fd00::/8 ULA subnet and need to be replaced with the node's external address. Cilium leverages Envoy to enforce L7 policies, and Envoy uses transparent sockets. Cilium inserts an iptables prerouting rule that matches on `-m socket --transparent` and redirects the packets to localhost, but it fails to match SNATed IPv6 packets due to that missing conntrack lookup. CVE-2025-22021 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22021.html CVE-2025-22021 https://bugzilla.suse.com/1241282 SUSE Bug 1241282 In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented correspondingly, leading to the following nfs4_stid leak: unreferenced object 0xffff88812067b578 (size 344): comm "nfsd", pid 2761, jiffies 4295044002 (age 5541.241s) hex dump (first 32 bytes): 01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff ....kkkk........ 00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de .kkkkkkk.....N.. backtrace: kmem_cache_alloc+0x4b9/0x700 nfsd4_process_open1+0x34/0x300 nfsd4_open+0x2d1/0x9d0 nfsd4_proc_compound+0x7a2/0xe30 nfsd_dispatch+0x241/0x3e0 svc_process_common+0x5d3/0xcc0 svc_process+0x2a3/0x320 nfsd+0x180/0x2e0 kthread+0x199/0x1d0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 unreferenced object 0xffff8881499f4d28 (size 368): comm "nfsd", pid 2761, jiffies 4295044005 (age 5541.239s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff ........0M.I.... 30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00 0M.I.... ....... backtrace: kmem_cache_alloc+0x4b9/0x700 nfs4_alloc_stid+0x29/0x210 alloc_init_deleg+0x92/0x2e0 nfs4_set_delegation+0x284/0xc00 nfs4_open_delegation+0x216/0x3f0 nfsd4_process_open2+0x2b3/0xee0 nfsd4_open+0x770/0x9d0 nfsd4_proc_compound+0x7a2/0xe30 nfsd_dispatch+0x241/0x3e0 svc_process_common+0x5d3/0xcc0 svc_process+0x2a3/0x320 nfsd+0x180/0x2e0 kthread+0x199/0x1d0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 Fix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if fail to queue dl_recall. CVE-2025-22025 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22025.html CVE-2025-22025 https://bugzilla.suse.com/1241361 SUSE Bug 1241361 In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-22027 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22027.html CVE-2025-22027 https://bugzilla.suse.com/1241369 SUSE Bug 1241369 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-22029 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22029.html CVE-2025-22029 https://bugzilla.suse.com/1241378 SUSE Bug 1241378 https://bugzilla.suse.com/1241379 SUSE Bug 1241379 In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_lock (through crypto_exit_scomp_ops_async()). On the other hand, crypto_alloc_acomp_node() holds the scomp_lock (through crypto_scomp_init_tfm()), and then allocates memory. If the allocation results in reclaim, we may attempt to hold the per-CPU acomp_ctx mutex. The above dependencies can cause an ABBA deadlock. For example in the following scenario: (1) Task A running on CPU #1: crypto_alloc_acomp_node() Holds scomp_lock Enters reclaim Reads per_cpu_ptr(pool->acomp_ctx, 1) (2) Task A is descheduled (3) CPU #1 goes offline zswap_cpu_comp_dead(CPU #1) Holds per_cpu_ptr(pool->acomp_ctx, 1)) Calls crypto_free_acomp() Waits for scomp_lock (4) Task A running on CPU #2: Waits for per_cpu_ptr(pool->acomp_ctx, 1) // Read on CPU #1 DEADLOCK Since there is no requirement to call crypto_free_acomp() with the per-CPU acomp_ctx mutex held in zswap_cpu_comp_dead(), move it after the mutex is unlocked. Also move the acomp_request_free() and kfree() calls for consistency and to avoid any potential sublte locking dependencies in the future. With this, only setting acomp_ctx fields to NULL occurs with the mutex held. This is similar to how zswap_cpu_comp_prepare() only initializes acomp_ctx fields with the mutex held, after performing all allocations before holding the mutex. Opportunistically, move the NULL check on acomp_ctx so that it takes place before the mutex dereference. CVE-2025-22030 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22030.html CVE-2025-22030 https://bugzilla.suse.com/1241376 SUSE Bug 1241376 In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup() do_alignment_t32_to_handler() only fixes up alignment faults for specific instructions; it returns NULL otherwise (e.g. LDREX). When that's the case, signal to the caller that it needs to proceed with the regular alignment fault handling (i.e. SIGBUS). Without this patch, the kernel panics: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000086000006 EC = 0x21: IABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault user pgtable: 4k pages, 48-bit VAs, pgdp=00000800164aa000 [0000000000000000] pgd=0800081fdbd22003, p4d=0800081fdbd22003, pud=08000815d51c6003, pmd=0000000000000000 Internal error: Oops: 0000000086000006 [#1] SMP Modules linked in: cfg80211 rfkill xt_nat xt_tcpudp xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter veth nvme_fa> libcrc32c crc32c_generic raid0 multipath linear dm_mod dax raid1 md_mod xhci_pci nvme xhci_hcd nvme_core t10_pi usbcore igb crc64_rocksoft crc64 crc_t10dif crct10dif_generic crct10dif_ce crct10dif_common usb_common i2c_algo_bit i2c> CPU: 2 PID: 3932954 Comm: WPEWebProcess Not tainted 6.1.0-31-arm64 #1 Debian 6.1.128-1 Hardware name: GIGABYTE MP32-AR1-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : 0x0 lr : do_compat_alignment_fixup+0xd8/0x3dc sp : ffff80000f973dd0 x29: ffff80000f973dd0 x28: ffff081b42526180 x27: 0000000000000000 x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 x23: 0000000000000004 x22: 0000000000000000 x21: 0000000000000001 x20: 00000000e8551f00 x19: ffff80000f973eb0 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : ffffaebc949bc488 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000400000 x4 : 0000fffffffffffe x3 : 0000000000000000 x2 : ffff80000f973eb0 x1 : 00000000e8551f00 x0 : 0000000000000001 Call trace: 0x0 do_alignment_fault+0x40/0x50 do_mem_abort+0x4c/0xa0 el0_da+0x48/0xf0 el0t_32_sync_handler+0x110/0x140 el0t_32_sync+0x190/0x194 Code: bad PC value ---[ end trace 0000000000000000 ]--- CVE-2025-22033 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22033.html CVE-2025-22033 https://bugzilla.suse.com/1241436 SUSE Bug 1241436 In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition situation. <CPU 0> <CPU 1> mpage_read_folio <<bh on stack>> do_mpage_readpage exfat_get_block bh_read __bh_read get_bh(bh) submit_bh wait_on_buffer ... end_buffer_read_sync __end_buffer_read_notouch unlock_buffer <<keep going>> ... ... ... ... <<bh is not valid out of mpage_read_folio>> . . another_function <<variable A on stack>> put_bh(bh) atomic_dec(bh->b_count) * stack corruption here * This patch returns -EAGAIN if a folio does not have buffers when bh_read needs to be called. By doing this, the caller can fallback to functions like block_read_full_folio(), create a buffer_head in the folio, and then call get_block again. Let's do not call bh_read() with on-stack buffer_head. CVE-2025-22036 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22036.html CVE-2025-22036 https://bugzilla.suse.com/1241426 SUSE Bug 1241426 In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first verifies that a user-provided value call_pkg->nd_family of type u64 is not equal to 0. Then the value is converted to int, and only after that is compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid argument to acpi_nfit_ctl(), if call_pkg->nd_family is non-zero, while the lower 32 bits are zero. Furthermore, it is best to return EINVAL immediately upon seeing the invalid user input. The WARNING is insufficient to prevent further undefined behavior based on other invalid user input. All checks of the input value should be applied to the original variable call_pkg->nd_family. [iweiny: update commit message] CVE-2025-22044 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22044.html CVE-2025-22044 https://bugzilla.suse.com/1241424 SUSE Bug 1241424 In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE entries in the pointed-to page table: collapse_pte_mapped_thp pmdp_collapse_flush flush_tlb_range The arm64 version of flush_tlb_range() has a comment describing that it can be used for page table removal, and does not use any last-level invalidation optimizations. Fix the X86 version by making it behave the same way. Currently, X86 only uses this information for the following two purposes, which I think means the issue doesn't have much impact: - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be IPI'd to avoid issues with speculative page table walks. - In Hyper-V TLB paravirtualization, again for lazy TLB stuff. The patch "x86/mm: only invalidate final translations with INVLPGB" which is currently under review (see <https://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/>) would probably be making the impact of this a lot worse. CVE-2025-22045 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22045.html CVE-2025-22045 https://bugzilla.suse.com/1241433 SUSE Bug 1241433 In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic). CVE-2025-22050 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22050.html CVE-2025-22050 https://bugzilla.suse.com/1241441 SUSE Bug 1241441 In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error handling unlock and exit in veth_pool_store - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_mutex to synchronize veth_pool_store with itself, ibmveth_close and ibmveth_open, preventing multiple calls in a row to napi_disable. Background: Two (or more) threads could call veth_pool_store through writing to /sys/devices/vio/30000002/pool*/*. You can do this easily with a little shell script. This causes a hang. I configured LOCKDEP, compiled ibmveth.c with DEBUG, and built a new kernel. I ran this test again and saw: Setting pool0/active to 0 Setting pool1/active to 1 [ 73.911067][ T4365] ibmveth 30000002 eth0: close starting Setting pool1/active to 1 Setting pool1/active to 0 [ 73.911367][ T4366] ibmveth 30000002 eth0: close starting [ 73.916056][ T4365] ibmveth 30000002 eth0: close complete [ 73.916064][ T4365] ibmveth 30000002 eth0: open starting [ 110.808564][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification. [ 230.808495][ T712] systemd-journald[712]: Sent WATCHDOG=1 notification. [ 243.683786][ T123] INFO: task stress.sh:4365 blocked for more than 122 seconds. [ 243.683827][ T123] Not tainted 6.14.0-01103-g2df0c02dab82-dirty #8 [ 243.683833][ T123] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 243.683838][ T123] task:stress.sh state:D stack:28096 pid:4365 tgid:4365 ppid:4364 task_flags:0x400040 flags:0x00042000 [ 243.683852][ T123] Call Trace: [ 243.683857][ T123] [c00000000c38f690] [0000000000000001] 0x1 (unreliable) [ 243.683868][ T123] [c00000000c38f840] [c00000000001f908] __switch_to+0x318/0x4e0 [ 243.683878][ T123] [c00000000c38f8a0] [c000000001549a70] __schedule+0x500/0x12a0 [ 243.683888][ T123] [c00000000c38f9a0] [c00000000154a878] schedule+0x68/0x210 [ 243.683896][ T123] [c00000000c38f9d0] [c00000000154ac80] schedule_preempt_disabled+0x30/0x50 [ 243.683904][ T123] [c00000000c38fa00] [c00000000154dbb0] __mutex_lock+0x730/0x10f0 [ 243.683913][ T123] [c00000000c38fb10] [c000000001154d40] napi_enable+0x30/0x60 [ 243.683921][ T123] [c00000000c38fb40] [c000000000f4ae94] ibmveth_open+0x68/0x5dc [ 243.683928][ T123] [c00000000c38fbe0] [c000000000f4aa20] veth_pool_store+0x220/0x270 [ 243.683936][ T123] [c00000000c38fc70] [c000000000826278] sysfs_kf_write+0x68/0xb0 [ 243.683944][ T123] [c00000000c38fcb0] [c0000000008240b8] kernfs_fop_write_iter+0x198/0x2d0 [ 243.683951][ T123] [c00000000c38fd00] [c00000000071b9ac] vfs_write+0x34c/0x650 [ 243.683958][ T123] [c00000000c38fdc0] [c00000000071bea8] ksys_write+0x88/0x150 [ 243.683966][ T123] [c00000000c38fe10] [c0000000000317f4] system_call_exception+0x124/0x340 [ 243.683973][ T123] [c00000000c38fe50] [c00000000000d05c] system_call_vectored_common+0x15c/0x2ec ... [ 243.684087][ T123] Showing all locks held in the system: [ 243.684095][ T123] 1 lock held by khungtaskd/123: [ 243.684099][ T123] #0: c00000000278e370 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x50/0x248 [ 243.684114][ T123] 4 locks held by stress.sh/4365: [ 243.684119][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150 [ 243.684132][ T123] #1: c000000041aea888 (&of->mutex#2){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x154/0x2d0 [ 243.684143][ T123] #2: c0000000366fb9a8 (kn->active#64){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x160/0x2d0 [ 243.684155][ T123] #3: c000000035ff4cb8 (&dev->lock){+.+.}-{3:3}, at: napi_enable+0x30/0x60 [ 243.684166][ T123] 5 locks held by stress.sh/4366: [ 243.684170][ T123] #0: c00000003a4cd3f8 (sb_writers#3){.+.+}-{0:0}, at: ksys_write+0x88/0x150 [ 243. ---truncated--- CVE-2025-22053 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22053.html CVE-2025-22053 https://bugzilla.suse.com/1241373 SUSE Bug 1241373 In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink policies cannot promise this length condition and the attacker can exploit a exact 128-byte size option to *fake* a zero length option and confuse the parsing logic, further achieve heap out-of-bounds read. One example crash log is like below: [ 3.905425] ================================================================== [ 3.905925] BUG: KASAN: slab-out-of-bounds in nla_put+0xa9/0xe0 [ 3.906255] Read of size 124 at addr ffff888005f291cc by task poc/177 [ 3.906646] [ 3.906775] CPU: 0 PID: 177 Comm: poc-oob-read Not tainted 6.1.132 #1 [ 3.907131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 3.907784] Call Trace: [ 3.907925] <TASK> [ 3.908048] dump_stack_lvl+0x44/0x5c [ 3.908258] print_report+0x184/0x4be [ 3.909151] kasan_report+0xc5/0x100 [ 3.909539] kasan_check_range+0xf3/0x1a0 [ 3.909794] memcpy+0x1f/0x60 [ 3.909968] nla_put+0xa9/0xe0 [ 3.910147] tunnel_key_dump+0x945/0xba0 [ 3.911536] tcf_action_dump_1+0x1c1/0x340 [ 3.912436] tcf_action_dump+0x101/0x180 [ 3.912689] tcf_exts_dump+0x164/0x1e0 [ 3.912905] fw_dump+0x18b/0x2d0 [ 3.913483] tcf_fill_node+0x2ee/0x460 [ 3.914778] tfilter_notify+0xf4/0x180 [ 3.915208] tc_new_tfilter+0xd51/0x10d0 [ 3.918615] rtnetlink_rcv_msg+0x4a2/0x560 [ 3.919118] netlink_rcv_skb+0xcd/0x200 [ 3.919787] netlink_unicast+0x395/0x530 [ 3.921032] netlink_sendmsg+0x3d0/0x6d0 [ 3.921987] __sock_sendmsg+0x99/0xa0 [ 3.922220] __sys_sendto+0x1b7/0x240 [ 3.922682] __x64_sys_sendto+0x72/0x90 [ 3.922906] do_syscall_64+0x5e/0x90 [ 3.923814] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 3.924122] RIP: 0033:0x7e83eab84407 [ 3.924331] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf [ 3.925330] RSP: 002b:00007ffff505e370 EFLAGS: 00000202 ORIG_RAX: 000000000000002c [ 3.925752] RAX: ffffffffffffffda RBX: 00007e83eaafa740 RCX: 00007e83eab84407 [ 3.926173] RDX: 00000000000001a8 RSI: 00007ffff505e3c0 RDI: 0000000000000003 [ 3.926587] RBP: 00007ffff505f460 R08: 00007e83eace1000 R09: 000000000000000c [ 3.926977] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffff505f3c0 [ 3.927367] R13: 00007ffff505f5c8 R14: 00007e83ead1b000 R15: 00005d4fbbe6dcb8 Fix these issues by enforing correct length condition in related policies. CVE-2025-22055 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22055.html CVE-2025-22055 https://bugzilla.suse.com/1241371 SUSE Bug 1241371 https://bugzilla.suse.com/1241372 SUSE Bug 1241372 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence, when deciding the next geneve_opt position, the pointer addition should be in units of char *. However, the current implementation erroneously does type conversion before the addition, which will lead to heap out-of-bounds write. [ 6.989857] ================================================================== [ 6.990293] BUG: KASAN: slab-out-of-bounds in nft_tunnel_obj_init+0x977/0xa70 [ 6.990725] Write of size 124 at addr ffff888005f18974 by task poc/178 [ 6.991162] [ 6.991259] CPU: 0 PID: 178 Comm: poc-oob-write Not tainted 6.1.132 #1 [ 6.991655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 6.992281] Call Trace: [ 6.992423] <TASK> [ 6.992586] dump_stack_lvl+0x44/0x5c [ 6.992801] print_report+0x184/0x4be [ 6.993790] kasan_report+0xc5/0x100 [ 6.994252] kasan_check_range+0xf3/0x1a0 [ 6.994486] memcpy+0x38/0x60 [ 6.994692] nft_tunnel_obj_init+0x977/0xa70 [ 6.995677] nft_obj_init+0x10c/0x1b0 [ 6.995891] nf_tables_newobj+0x585/0x950 [ 6.996922] nfnetlink_rcv_batch+0xdf9/0x1020 [ 6.998997] nfnetlink_rcv+0x1df/0x220 [ 6.999537] netlink_unicast+0x395/0x530 [ 7.000771] netlink_sendmsg+0x3d0/0x6d0 [ 7.001462] __sock_sendmsg+0x99/0xa0 [ 7.001707] ____sys_sendmsg+0x409/0x450 [ 7.002391] ___sys_sendmsg+0xfd/0x170 [ 7.003145] __sys_sendmsg+0xea/0x170 [ 7.004359] do_syscall_64+0x5e/0x90 [ 7.005817] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 7.006127] RIP: 0033:0x7ec756d4e407 [ 7.006339] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 faf [ 7.007364] RSP: 002b:00007ffed5d46760 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 7.007827] RAX: ffffffffffffffda RBX: 00007ec756cc4740 RCX: 00007ec756d4e407 [ 7.008223] RDX: 0000000000000000 RSI: 00007ffed5d467f0 RDI: 0000000000000003 [ 7.008620] RBP: 00007ffed5d468a0 R08: 0000000000000000 R09: 0000000000000000 [ 7.009039] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 7.009429] R13: 00007ffed5d478b0 R14: 00007ec756ee5000 R15: 00005cbd4e655cb8 Fix this bug with correct pointer addition and conversion in parse and dump code. CVE-2025-22056 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22056.html CVE-2025-22056 https://bugzilla.suse.com/1241525 SUSE Bug 1241525 In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request at virtual address ffff5aabf6b5c000 Call trace: percpu_counter_add_batch+0x3c/0x160 (P) dst_release+0xec/0x108 dst_cache_destroy+0x68/0xd8 dst_destroy+0x13c/0x168 dst_destroy_rcu+0x1c/0xb0 rcu_do_batch+0x18c/0x7d0 rcu_core+0x174/0x378 rcu_core_si+0x18/0x30 Fix this by invalidating the cache, and thus decrementing cached dst counters, in dst_release too. CVE-2025-22057 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22057.html CVE-2025-22057 https://bugzilla.suse.com/1241533 SUSE Bug 1241533 In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc/net/sockstat reports 0 pages # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 0 2. Run the script till the report reaches 524,288 # python3 test.py & sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT 3. Kill the socket and confirm the number never drops # pkill python3 && sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 524288 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain() # python3 test.py & sleep 1 && pkill python3 5. The number doubles # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 1048577 The application set INT_MAX to SO_RCVBUF, which triggered an integer overflow in udp_rmem_release(). When a socket is close()d, udp_destruct_common() purges its receive queue and sums up skb->truesize in the queue. This total is calculated and stored in a local unsigned integer variable. The total size is then passed to udp_rmem_release() to adjust memory accounting. However, because the function takes a signed integer argument, the total size can wrap around, causing an overflow. Then, the released amount is calculated as follows: 1) Add size to sk->sk_forward_alloc. 2) Round down sk->sk_forward_alloc to the nearest lower multiple of PAGE_SIZE and assign it to amount. 3) Subtract amount from sk->sk_forward_alloc. 4) Pass amount >> PAGE_SHIFT to __sk_mem_reduce_allocated(). When the issue occurred, the total in udp_destruct_common() was 2147484480 (INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release(). At 1) sk->sk_forward_alloc is changed from 3264 to -2147479552, and 2) sets -2147479552 to amount. 3) reverts the wraparound, so we don't see a warning in inet_sock_destruct(). However, udp_memory_allocated ends up doubling at 4). Since commit 3cd3399dd7a8 ("net: implement per-cpu reserves for memory_allocated"), memory usage no longer doubles immediately after a socket is close()d because __sk_mem_reduce_allocated() caches the amount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP socket receives a packet, the subtraction takes effect, causing UDP memory usage to double. This issue makes further memory allocation fail once the socket's sk->sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet drops. To prevent this issue, let's use unsigned int for the calculation and call sk_forward_alloc_add() only once for the small delta. Note that first_packet_length() also potentially has the same problem. [0]: from socket import * SO_RCVBUFFORCE = 33 INT_MAX = (2 ** 31) - 1 s = socket(AF_INET, SOCK_DGRAM) s.bind(('', 0)) s.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX) c = socket(AF_INET, SOCK_DGRAM) c.connect(s.getsockname()) data = b'a' * 100 while True: c.send(data) CVE-2025-22058 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22058.html CVE-2025-22058 https://bugzilla.suse.com/1241332 SUSE Bug 1241332 In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free rows in the hardware table, it must also be protected in order to avoid TOCTOU errors where multiple cores allocate the same row. This issue was detected in a situation where `mvpp2_set_rx_mode()` ran concurrently on two CPUs. In this particular case the MVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the classifier unit to drop all incoming unicast - indicated by the `rx_classifier_drops` counter. CVE-2025-22060 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22060.html CVE-2025-22060 https://bugzilla.suse.com/1241526 SUSE Bug 1241526 In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653 Call Trace: <TASK> udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181 sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930 proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553 proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738 do_splice_from fs/splice.c:935 [inline] direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102 do_splice_direct_actor fs/splice.c:1201 [inline] do_splice_direct+0x174/0x240 fs/splice.c:1227 do_sendfile+0xafd/0xe50 fs/read_write.c:1368 __do_sys_sendfile64 fs/read_write.c:1429 [inline] __se_sys_sendfile64 fs/read_write.c:1415 [inline] __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] CVE-2025-22062 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22062.html CVE-2025-22062 https://bugzilla.suse.com/1241412 SUSE Bug 1241412 In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NULL, leading to a null pointer dereference. This patch fixes the issue by checking if inet6_sk(sk) returns a NULL pointer before accessing pinet6. CVE-2025-22063 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22063.html CVE-2025-22063 https://bugzilla.suse.com/1241351 SUSE Bug 1241351 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant When nf_tables_updchain encounters an error, hook registration needs to be rolled back. This should only be done if the hook has been registered, which won't happen when the table is flagged as dormant (inactive). Just move the assignment into the registration block. CVE-2025-22064 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22064.html CVE-2025-22064 https://bugzilla.suse.com/1241413 SUSE Bug 1241413 In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via idpf_shutdown() and then again when idpf_remove() calls into sriov_disable(), because the VF devices use the idpf driver, hence the same remove routine. When that happens, it is possible for the adapter to be NULL from the first call to idpf_remove(), leading to a NULL pointer dereference. echo 1 > /sys/class/net/<netif>/device/sriov_numvfs reboot BUG: kernel NULL pointer dereference, address: 0000000000000020 ... RIP: 0010:idpf_remove+0x22/0x1f0 [idpf] ... ? idpf_remove+0x22/0x1f0 [idpf] ? idpf_remove+0x1e4/0x1f0 [idpf] pci_device_remove+0x3f/0xb0 device_release_driver_internal+0x19f/0x200 pci_stop_bus_device+0x6d/0x90 pci_stop_and_remove_bus_device+0x12/0x20 pci_iov_remove_virtfn+0xbe/0x120 sriov_disable+0x34/0xe0 idpf_sriov_configure+0x58/0x140 [idpf] idpf_remove+0x1b9/0x1f0 [idpf] idpf_shutdown+0x12/0x30 [idpf] pci_device_shutdown+0x35/0x60 device_shutdown+0x156/0x200 ... Replace the direct idpf_remove() call in idpf_shutdown() with idpf_vc_core_deinit() and idpf_deinit_dflt_mbx(), which perform the bulk of the cleanup, such as stopping the init task, freeing IRQs, destroying the vports and freeing the mailbox. This avoids the calls to sriov_disable() in addition to a small netdev cleanup, and destroying workqueues, which don't seem to be required on shutdown. CVE-2025-22065 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22065.html CVE-2025-22065 https://bugzilla.suse.com/1241333 SUSE Bug 1241333 In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, imx_card_probe() does not check for this case, which results in a NULL pointer dereference. Add NULL check after devm_kasprintf() to prevent this issue. CVE-2025-22066 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22066.html CVE-2025-22066 https://bugzilla.suse.com/1241340 SUSE Bug 1241340 In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx parentdir then creating a subdirectory crashed 9p client, as v9fs_fid_add() call in function v9fs_vfs_mkdir_dotl() sets the passed 'fid' pointer to NULL (since dafbe689736) even though the subsequent v9fs_set_create_acl() call expects a valid non-NULL 'fid' pointer: [ 37.273191] BUG: kernel NULL pointer dereference, address: 0000000000000000 ... [ 37.322338] Call Trace: [ 37.323043] <TASK> [ 37.323621] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) [ 37.324448] ? page_fault_oops (arch/x86/mm/fault.c:714) [ 37.325532] ? search_module_extables (kernel/module/main.c:3733) [ 37.326742] ? p9_client_walk (net/9p/client.c:1165) 9pnet [ 37.328006] ? search_bpf_extables (kernel/bpf/core.c:804) [ 37.329142] ? exc_page_fault (./arch/x86/include/asm/paravirt.h:686 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538) [ 37.330196] ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:574) [ 37.331330] ? p9_client_walk (net/9p/client.c:1165) 9pnet [ 37.332562] ? v9fs_fid_xattr_get (fs/9p/xattr.c:30) 9p [ 37.333824] v9fs_fid_xattr_set (fs/9p/fid.h:23 fs/9p/xattr.c:121) 9p [ 37.335077] v9fs_set_acl (fs/9p/acl.c:276) 9p [ 37.336112] v9fs_set_create_acl (fs/9p/acl.c:307) 9p [ 37.337326] v9fs_vfs_mkdir_dotl (fs/9p/vfs_inode_dotl.c:411) 9p [ 37.338590] vfs_mkdir (fs/namei.c:4313) [ 37.339535] do_mkdirat (fs/namei.c:4336) [ 37.340465] __x64_sys_mkdir (fs/namei.c:4354) [ 37.341455] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) [ 37.342447] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Fix this by simply swapping the sequence of these two calls in v9fs_vfs_mkdir_dotl(), i.e. calling v9fs_set_create_acl() before v9fs_fid_add(). CVE-2025-22070 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22070.html CVE-2025-22070 https://bugzilla.suse.com/1241305 SUSE Bug 1241305 In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") added support for getting VF port and node GUIDs in netlink ifinfo messages, but their size was not taken into consideration in the function that allocates the netlink message, causing the following warning when a netlink message is filled with many VF port and node GUIDs: # echo 64 > /sys/bus/pci/devices/0000\:08\:00.0/sriov_numvfs # ip link show dev ib0 RTNETLINK answers: Message too long Cannot send link get request: Message too long Kernel warning: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 1930 at net/core/rtnetlink.c:4151 rtnl_getlink+0x586/0x5a0 Modules linked in: xt_conntrack xt_MASQUERADE nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter overlay mlx5_ib macsec mlx5_core tls rpcrdma rdma_ucm ib_uverbs ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm iw_cm ib_ipoib fuse ib_cm ib_core CPU: 2 UID: 0 PID: 1930 Comm: ip Not tainted 6.14.0-rc2+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:rtnl_getlink+0x586/0x5a0 Code: cb 82 e8 3d af 0a 00 4d 85 ff 0f 84 08 ff ff ff 4c 89 ff 41 be ea ff ff ff e8 66 63 5b ff 49 c7 07 80 4f cb 82 e9 36 fc ff ff <0f> 0b e9 16 fe ff ff e8 de a0 56 00 66 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ffff888113557348 EFLAGS: 00010246 RAX: 00000000ffffffa6 RBX: ffff88817e87aa34 RCX: dffffc0000000000 RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88817e87afb8 RBP: 0000000000000009 R08: ffffffff821f44aa R09: 0000000000000000 R10: ffff8881260f79a8 R11: ffff88817e87af00 R12: ffff88817e87aa00 R13: ffffffff8563d300 R14: 00000000ffffffa6 R15: 00000000ffffffff FS: 00007f63a5dbf280(0000) GS:ffff88881ee00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f63a5ba4493 CR3: 00000001700fe002 CR4: 0000000000772eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __warn+0xa5/0x230 ? rtnl_getlink+0x586/0x5a0 ? report_bug+0x22d/0x240 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x14/0x50 ? asm_exc_invalid_op+0x16/0x20 ? skb_trim+0x6a/0x80 ? rtnl_getlink+0x586/0x5a0 ? __pfx_rtnl_getlink+0x10/0x10 ? rtnetlink_rcv_msg+0x1e5/0x860 ? __pfx___mutex_lock+0x10/0x10 ? rcu_is_watching+0x34/0x60 ? __pfx_lock_acquire+0x10/0x10 ? stack_trace_save+0x90/0xd0 ? filter_irq_stacks+0x1d/0x70 ? kasan_save_stack+0x30/0x40 ? kasan_save_stack+0x20/0x40 ? kasan_save_track+0x10/0x30 rtnetlink_rcv_msg+0x21c/0x860 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e ? __pfx_rtnetlink_rcv_msg+0x10/0x10 ? arch_stack_walk+0x9e/0xf0 ? rcu_is_watching+0x34/0x60 ? lock_acquire+0xd5/0x410 ? rcu_is_watching+0x34/0x60 netlink_rcv_skb+0xe0/0x210 ? __pfx_rtnetlink_rcv_msg+0x10/0x10 ? __pfx_netlink_rcv_skb+0x10/0x10 ? rcu_is_watching+0x34/0x60 ? __pfx___netlink_lookup+0x10/0x10 ? lock_release+0x62/0x200 ? netlink_deliver_tap+0xfd/0x290 ? rcu_is_watching+0x34/0x60 ? lock_release+0x62/0x200 ? netlink_deliver_tap+0x95/0x290 netlink_unicast+0x31f/0x480 ? __pfx_netlink_unicast+0x10/0x10 ? rcu_is_watching+0x34/0x60 ? lock_acquire+0xd5/0x410 netlink_sendmsg+0x369/0x660 ? lock_release+0x62/0x200 ? __pfx_netlink_sendmsg+0x10/0x10 ? import_ubuf+0xb9/0xf0 ? __import_iovec+0x254/0x2b0 ? lock_release+0x62/0x200 ? __pfx_netlink_sendmsg+0x10/0x10 ____sys_sendmsg+0x559/0x5a0 ? __pfx_____sys_sendmsg+0x10/0x10 ? __pfx_copy_msghdr_from_user+0x10/0x10 ? rcu_is_watching+0x34/0x60 ? do_read_fault+0x213/0x4a0 ? rcu_is_watching+0x34/0x60 ___sys_sendmsg+0xe4/0x150 ? __pfx____sys_sendmsg+0x10/0x10 ? do_fault+0x2cc/0x6f0 ? handle_pte_fault+0x2e3/0x3d0 ? __pfx_handle_pte_fault+0x10/0x10 ---truncated--- CVE-2025-22075 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22075.html CVE-2025-22075 https://bugzilla.suse.com/1241402 SUSE Bug 1241402 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does work as intended because of an integer overflow. CVE-2025-22080 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22080.html CVE-2025-22080 https://bugzilla.suse.com/1241416 SUSE Bug 1241416 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bug however is that we are checking if the QP is identical by checking the QP number inside the CQE against the QP number inside the mlx5_ib_qp, but that's wrong since the QP number from the CQE is from FW so it should be matched against mlx5_core_qp which is our FW QP number. Otherwise we could use the wrong QP when handling a CQE which could cause the kernel trace below. This issue is mainly noticeable over QPs 0 & 1, since for now they are the only QPs in our driver whereas the QP number inside mlx5_ib_qp doesn't match the QP number inside mlx5_core_qp. BUG: kernel NULL pointer dereference, address: 0000000000000012 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP CPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 Workqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core] RIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib] Code: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 <0f> b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21 RSP: 0018:ffff88810511bd60 EFLAGS: 00010046 RAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a RBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10 R10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000 R13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0 FS: 0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0 Call Trace: <TASK> ? __die+0x20/0x60 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x130 ? asm_exc_page_fault+0x22/0x30 ? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib] __ib_process_cq+0x5a/0x150 [ib_core] ib_cq_poll_work+0x31/0x90 [ib_core] process_one_work+0x169/0x320 worker_thread+0x288/0x3a0 ? work_busy+0xb0/0xb0 kthread+0xd7/0x1f0 ? kthreads_online_cpu+0x130/0x130 ? kthreads_online_cpu+0x130/0x130 ret_from_fork+0x2d/0x50 ? kthreads_online_cpu+0x130/0x130 ret_from_fork_asm+0x11/0x20 </TASK> CVE-2025-22086 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22086.html CVE-2025-22086 https://bugzilla.suse.com/1241458 SUSE Bug 1241458 In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue. CVE-2025-22088 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22088.html CVE-2025-22088 https://bugzilla.suse.com/1241528 SUSE Bug 1241528 In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") accidentally almost exposed hw counters to non-init net namespaces. It didn't expose them fully, as an attempt to read any of those counters leads to a crash like this one: [42021.807566] BUG: kernel NULL pointer dereference, address: 0000000000000028 [42021.814463] #PF: supervisor read access in kernel mode [42021.819549] #PF: error_code(0x0000) - not-present page [42021.824636] PGD 0 P4D 0 [42021.827145] Oops: 0000 [#1] SMP PTI [42021.830598] CPU: 82 PID: 2843922 Comm: switchto-defaul Kdump: loaded Tainted: G S W I XXX [42021.841697] Hardware name: XXX [42021.849619] RIP: 0010:hw_stat_device_show+0x1e/0x40 [ib_core] [42021.855362] Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 49 89 d0 4c 8b 5e 20 48 8b 8f b8 04 00 00 48 81 c7 f0 fa ff ff <48> 8b 41 28 48 29 ce 48 83 c6 d0 48 c1 ee 04 69 d6 ab aa aa aa 48 [42021.873931] RSP: 0018:ffff97fe90f03da0 EFLAGS: 00010287 [42021.879108] RAX: ffff9406988a8c60 RBX: ffff940e1072d438 RCX: 0000000000000000 [42021.886169] RDX: ffff94085f1aa000 RSI: ffff93c6cbbdbcb0 RDI: ffff940c7517aef0 [42021.893230] RBP: ffff97fe90f03e70 R08: ffff94085f1aa000 R09: 0000000000000000 [42021.900294] R10: ffff94085f1aa000 R11: ffffffffc0775680 R12: ffffffff87ca2530 [42021.907355] R13: ffff940651602840 R14: ffff93c6cbbdbcb0 R15: ffff94085f1aa000 [42021.914418] FS: 00007fda1a3b9700(0000) GS:ffff94453fb80000(0000) knlGS:0000000000000000 [42021.922423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [42021.928130] CR2: 0000000000000028 CR3: 00000042dcfb8003 CR4: 00000000003726f0 [42021.935194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [42021.942257] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [42021.949324] Call Trace: [42021.951756] <TASK> [42021.953842] [<ffffffff86c58674>] ? show_regs+0x64/0x70 [42021.959030] [<ffffffff86c58468>] ? __die+0x78/0xc0 [42021.963874] [<ffffffff86c9ef75>] ? page_fault_oops+0x2b5/0x3b0 [42021.969749] [<ffffffff87674b92>] ? exc_page_fault+0x1a2/0x3c0 [42021.975549] [<ffffffff87801326>] ? asm_exc_page_fault+0x26/0x30 [42021.981517] [<ffffffffc0775680>] ? __pfx_show_hw_stats+0x10/0x10 [ib_core] [42021.988482] [<ffffffffc077564e>] ? hw_stat_device_show+0x1e/0x40 [ib_core] [42021.995438] [<ffffffff86ac7f8e>] dev_attr_show+0x1e/0x50 [42022.000803] [<ffffffff86a3eeb1>] sysfs_kf_seq_show+0x81/0xe0 [42022.006508] [<ffffffff86a11134>] seq_read_iter+0xf4/0x410 [42022.011954] [<ffffffff869f4b2e>] vfs_read+0x16e/0x2f0 [42022.017058] [<ffffffff869f50ee>] ksys_read+0x6e/0xe0 [42022.022073] [<ffffffff8766f1ca>] do_syscall_64+0x6a/0xa0 [42022.027441] [<ffffffff8780013b>] entry_SYSCALL_64_after_hwframe+0x78/0xe2 The problem can be reproduced using the following steps: ip netns add foo ip netns exec foo bash cat /sys/class/infiniband/mlx4_0/hw_counters/* The panic occurs because of casting the device pointer into an ib_device pointer using container_of() in hw_stat_device_show() is wrong and leads to a memory corruption. However the real problem is that hw counters should never been exposed outside of the non-init net namespace. Fix this by saving the index of the corresponding attribute group (it might be 1 or 2 depending on the presence of driver-specific attributes) and zeroing the pointer to hw_counters group for compat devices during the initialization. With this fix applied hw_counters are not available in a non-init net namespace: find /sys/class/infiniband/mlx4_0/ -name hw_counters /sys/class/infiniband/mlx4_0/ports/1/hw_counters /sys/class/infiniband/mlx4_0/ports/2/hw_counters /sys/class/infiniband/mlx4_0/hw_counters ip netns add foo ip netns exec foo bash find /sys/class/infiniband/mlx4_0/ -name hw_counters CVE-2025-22089 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22089.html CVE-2025-22089 https://bugzilla.suse.com/1241538 SUSE Bug 1241538 In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track_pfn_copy() fails, we already added the dst VMA to the maple tree. As fork() fails, we'll cleanup the maple tree, and stumble over the dst VMA for which we neither performed any reservation nor copied any page tables. Consequently untrack_pfn() will see VM_PAT and try obtaining the PAT information from the page table -- which fails because the page table was not copied. The easiest fix would be to simply clear the VM_PAT flag of the dst VMA if track_pfn_copy() fails. However, the whole thing is about "simply" clearing the VM_PAT flag is shaky as well: if we passed track_pfn_copy() and performed a reservation, but copying the page tables fails, we'll simply clear the VM_PAT flag, not properly undoing the reservation ... which is also wrong. So let's fix it properly: set the VM_PAT flag only if the reservation succeeded (leaving it clear initially), and undo the reservation if anything goes wrong while copying the page tables: clearing the VM_PAT flag after undoing the reservation. Note that any copied page table entries will get zapped when the VMA will get removed later, after copy_page_range() succeeded; as VM_PAT is not set then, we won't try cleaning VM_PAT up once more and untrack_pfn() will be happy. Note that leaving these page tables in place without a reservation is not a problem, as we are aborting fork(); this process will never run. A reproducer can trigger this usually at the first try: https://gitlab.com/davidhildenbrand/scratchspace/-/raw/main/reproducers/pat_fork.c WARNING: CPU: 26 PID: 11650 at arch/x86/mm/pat/memtype.c:983 get_pat_info+0xf6/0x110 Modules linked in: ... CPU: 26 UID: 0 PID: 11650 Comm: repro3 Not tainted 6.12.0-rc5+ #92 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:get_pat_info+0xf6/0x110 ... Call Trace: <TASK> ... untrack_pfn+0x52/0x110 unmap_single_vma+0xa6/0xe0 unmap_vmas+0x105/0x1f0 exit_mmap+0xf6/0x460 __mmput+0x4b/0x120 copy_process+0x1bf6/0x2aa0 kernel_clone+0xab/0x440 __do_sys_clone+0x66/0x90 do_syscall_64+0x95/0x180 Likely this case was missed in: d155df53f310 ("x86/mm/pat: clear VM_PAT if copy_p4d_range failed") ... and instead of undoing the reservation we simply cleared the VM_PAT flag. Keep the documentation of these functions in include/linux/pgtable.h, one place is more than sufficient -- we should clean that up for the other functions like track_pfn_remap/untrack_pfn separately. CVE-2025-22090 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22090.html CVE-2025-22090 https://bugzilla.suse.com/1241537 SUSE Bug 1241537 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr_cmd if should_use_dmub_lock returns true. This has been the case since dmub support has been added for PSR1. Fix this by checking for dmub_srv in should_use_dmub_lock. [ 37.440832] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 37.447808] #PF: supervisor read access in kernel mode [ 37.452959] #PF: error_code(0x0000) - not-present page [ 37.458112] PGD 0 P4D 0 [ 37.460662] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ 37.465553] CPU: 2 UID: 1000 PID: 1745 Comm: DrmThread Not tainted 6.14.0-rc1-00003-gd62e938120f0 #23 99720e1cb1e0fc4773b8513150932a07de3c6e88 [ 37.478324] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [ 37.487103] RIP: 0010:dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.492074] Code: 44 24 0e 00 00 00 00 48 c7 04 24 45 00 00 0c 40 88 74 24 0d 0f b6 02 88 44 24 0c 8b 01 89 44 24 08 85 f6 75 05 c6 44 24 0e 01 <48> 8b 7f 58 48 89 e6 ba 01 00 00 00 e8 08 3c 2a 00 65 48 8b 04 5 [ 37.510822] RSP: 0018:ffff969442853300 EFLAGS: 00010202 [ 37.516052] RAX: 0000000000000000 RBX: ffff92db03000000 RCX: ffff969442853358 [ 37.523185] RDX: ffff969442853368 RSI: 0000000000000001 RDI: 0000000000000000 [ 37.530322] RBP: 0000000000000001 R08: 00000000000004a7 R09: 00000000000004a5 [ 37.537453] R10: 0000000000000476 R11: 0000000000000062 R12: ffff92db0ade8000 [ 37.544589] R13: ffff92da01180ae0 R14: ffff92da011802a8 R15: ffff92db03000000 [ 37.551725] FS: 0000784a9cdfc6c0(0000) GS:ffff92db2af00000(0000) knlGS:0000000000000000 [ 37.559814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.565562] CR2: 0000000000000058 CR3: 0000000112b1c000 CR4: 00000000003506f0 [ 37.572697] Call Trace: [ 37.575152] <TASK> [ 37.577258] ? __die_body+0x66/0xb0 [ 37.580756] ? page_fault_oops+0x3e7/0x4a0 [ 37.584861] ? exc_page_fault+0x3e/0xe0 [ 37.588706] ? exc_page_fault+0x5c/0xe0 [ 37.592550] ? asm_exc_page_fault+0x22/0x30 [ 37.596742] ? dmub_hw_lock_mgr_cmd+0x77/0xb0 [ 37.601107] dcn10_cursor_lock+0x1e1/0x240 [ 37.605211] program_cursor_attributes+0x81/0x190 [ 37.609923] commit_planes_for_stream+0x998/0x1ef0 [ 37.614722] update_planes_and_stream_v2+0x41e/0x5c0 [ 37.619703] dc_update_planes_and_stream+0x78/0x140 [ 37.624588] amdgpu_dm_atomic_commit_tail+0x4362/0x49f0 [ 37.629832] ? srso_return_thunk+0x5/0x5f [ 37.633847] ? mark_held_locks+0x6d/0xd0 [ 37.637774] ? _raw_spin_unlock_irq+0x24/0x50 [ 37.642135] ? srso_return_thunk+0x5/0x5f [ 37.646148] ? lockdep_hardirqs_on+0x95/0x150 [ 37.650510] ? srso_return_thunk+0x5/0x5f [ 37.654522] ? _raw_spin_unlock_irq+0x2f/0x50 [ 37.658883] ? srso_return_thunk+0x5/0x5f [ 37.662897] ? wait_for_common+0x186/0x1c0 [ 37.666998] ? srso_return_thunk+0x5/0x5f [ 37.671009] ? drm_crtc_next_vblank_start+0xc3/0x170 [ 37.675983] commit_tail+0xf5/0x1c0 [ 37.679478] drm_atomic_helper_commit+0x2a2/0x2b0 [ 37.684186] drm_atomic_commit+0xd6/0x100 [ 37.688199] ? __cfi___drm_printfn_info+0x10/0x10 [ 37.692911] drm_atomic_helper_update_plane+0xe5/0x130 [ 37.698054] drm_mode_cursor_common+0x501/0x670 [ 37.702600] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.707572] drm_mode_cursor_ioctl+0x48/0x70 [ 37.711851] drm_ioctl_kernel+0xf2/0x150 [ 37.715781] drm_ioctl+0x363/0x590 [ 37.719189] ? __cfi_drm_mode_cursor_ioctl+0x10/0x10 [ 37.724165] amdgpu_drm_ioctl+0x41/0x80 [ 37.728013] __se_sys_ioctl+0x7f/0xd0 [ 37.731685] do_syscall_64+0x87/0x100 [ 37.735355] ? vma_end_read+0x12/0xe0 [ 37.739024] ? srso_return_thunk+0x5/0x5f [ 37.743041] ? find_held_lock+0x47/0xf0 [ 37.746884] ? vma_end_read+0x12/0xe0 [ 37.750552] ? srso_return_thunk+0x5/0 ---truncated--- CVE-2025-22093 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22093.html CVE-2025-22093 https://bugzilla.suse.com/1241545 SUSE Bug 1241545 In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regulator_bulk_get() returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to the regulator_bulk_free() will result in a kernel panic. While at it, print the error value, as we cannot return an error upwards as the kernel will WARN() on an error from add_bus(). [kwilczynski: commit log, use comma in the message to match style with other similar messages] CVE-2025-22095 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22095.html CVE-2025-22095 https://bugzilla.suse.com/1241519 SUSE Bug 1241519 In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it. Fix both possible errors by initializing default_config only when the driver initialization succeeded. CVE-2025-22097 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22097.html CVE-2025-22097 https://bugzilla.suse.com/1241541 SUSE Bug 1241541 https://bugzilla.suse.com/1241542 SUSE Bug 1241542 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix kernel panic during FW release This fixes a kernel panic seen during release FW in a stress test scenario where WLAN and BT FW download occurs simultaneously, and due to a HW bug, chip sends out only 1 bootloader signatures. When driver receives the bootloader signature, it enters FW download mode, but since no consequtive bootloader signatures seen, FW file is not requested. After 60 seconds, when FW download times out, release_firmware causes a kernel panic. [ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573 [ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000 [ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000 [ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP [ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev [ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G C O 6.6.23-lts-next-06236-gb586a521770e #1 [ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT) [ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2602.010191] pc : _raw_spin_lock+0x34/0x68 [ 2602.010201] lr : free_fw_priv+0x20/0xfc [ 2602.020561] sp : ffff800089363b30 [ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000 [ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000 [ 2602.020577] x23: ffff0000dc856f38 [ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000 [ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000 [ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480 [ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002 [ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30 [ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000 [ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001 [ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573 [ 2602.083354] Call trace: [ 2602.083356] _raw_spin_lock+0x34/0x68 [ 2602.083364] release_firmware+0x48/0x6c [ 2602.083370] nxp_setup+0x3c4/0x540 [btnxpuart] [ 2602.083383] hci_dev_open_sync+0xf0/0xa34 [ 2602.083391] hci_dev_open+0xd8/0x178 [ 2602.083399] hci_sock_ioctl+0x3b0/0x590 [ 2602.083405] sock_do_ioctl+0x60/0x118 [ 2602.083413] sock_ioctl+0x2f4/0x374 [ 2602.091430] __arm64_sys_ioctl+0xac/0xf0 [ 2602.091437] invoke_syscall+0x48/0x110 [ 2602.091445] el0_svc_common.constprop.0+0xc0/0xe0 [ 2602.091452] do_el0_svc+0x1c/0x28 [ 2602.091457] el0_svc+0x40/0xe4 [ 2602.091465] el0t_64_sync_handler+0x120/0x12c [ 2602.091470] el0t_64_sync+0x190/0x194 CVE-2025-22102 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22102.html CVE-2025-22102 https://bugzilla.suse.com/1241456 SUSE Bug 1241456 In the Linux kernel, the following vulnerability has been resolved: net: fix NULL pointer dereference in l3mdev_l3_rcv When delete l3s ipvlan: ip link del link eth0 ipvlan1 type ipvlan mode l3s This may cause a null pointer dereference: Call trace: ip_rcv_finish+0x48/0xd0 ip_rcv+0x5c/0x100 __netif_receive_skb_one_core+0x64/0xb0 __netif_receive_skb+0x20/0x80 process_backlog+0xb4/0x204 napi_poll+0xe8/0x294 net_rx_action+0xd8/0x22c __do_softirq+0x12c/0x354 This is because l3mdev_l3_rcv() visit dev->l3mdev_ops after ipvlan_l3s_unregister() assign the dev->l3mdev_ops to NULL. The process like this: (CPU1) | (CPU2) l3mdev_l3_rcv() | check dev->priv_flags: | master = skb->dev; | | | ipvlan_l3s_unregister() | set dev->priv_flags | dev->l3mdev_ops = NULL; | visit master->l3mdev_ops | To avoid this by do not set dev->l3mdev_ops when unregister l3s ipvlan. CVE-2025-22103 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22103.html CVE-2025-22103 https://bugzilla.suse.com/1241448 SUSE Bug 1241448 In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of 8 then a read buffer overflow was possible. Therefore, create a new ibmvnic function that loops over a buffer and calls hex_dump_to_buffer instead. This patch address KASAN reports like the one below: ibmvnic 30000003 env3: Login Buffer: ibmvnic 30000003 env3: 01000000af000000 <...> ibmvnic 30000003 env3: 2e6d62692e736261 ibmvnic 30000003 env3: 65050003006d6f63 ================================================================== BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic] Read of size 8 at addr c0000001331a9aa8 by task ip/17681 <...> Allocated by task 17681: <...> ibmvnic_login+0x2f0/0xffc [ibmvnic] ibmvnic_open+0x148/0x308 [ibmvnic] __dev_open+0x1ac/0x304 <...> The buggy address is located 168 bytes inside of allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf) <...> ================================================================= ibmvnic 30000003 env3: 000000000033766e CVE-2025-22104 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22104.html CVE-2025-22104 https://bugzilla.suse.com/1241550 SUSE Bug 1241550 In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec ns1 ip link add bond0 type bond mode balance-rr ip netns exec ns1 ip link set dev bond0 xdp obj af_xdp_kern.o sec xdp ip netns exec ns1 ip link set bond0 type bond mode broadcast ip netns del ns1 When delete the namespace, dev_xdp_uninstall() is called to remove xdp program on bond dev, and bond_xdp_set() will check the bond mode. If bond mode is changed after attaching xdp program, the warning may occur. Some bond modes (broadcast, etc.) do not support native xdp. Set bond mode with xdp program attached is not good. Add check for xdp program when set bond mode. [1] ------------[ cut here ]------------ WARNING: CPU: 0 PID: 11 at net/core/dev.c:9912 unregister_netdevice_many_notify+0x8d9/0x930 Modules linked in: CPU: 0 UID: 0 PID: 11 Comm: kworker/u4:0 Not tainted 6.14.0-rc4 #107 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 Workqueue: netns cleanup_net RIP: 0010:unregister_netdevice_many_notify+0x8d9/0x930 Code: 00 00 48 c7 c6 6f e3 a2 82 48 c7 c7 d0 b3 96 82 e8 9c 10 3e ... RSP: 0018:ffffc90000063d80 EFLAGS: 00000282 RAX: 00000000ffffffa1 RBX: ffff888004959000 RCX: 00000000ffffdfff RDX: 0000000000000000 RSI: 00000000ffffffea RDI: ffffc90000063b48 RBP: ffffc90000063e28 R08: ffffffff82d39b28 R09: 0000000000009ffb R10: 0000000000000175 R11: ffffffff82d09b40 R12: ffff8880049598e8 R13: 0000000000000001 R14: dead000000000100 R15: ffffc90000045000 FS: 0000000000000000(0000) GS:ffff888007a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000d406b60 CR3: 000000000483e000 CR4: 00000000000006f0 Call Trace: <TASK> ? __warn+0x83/0x130 ? unregister_netdevice_many_notify+0x8d9/0x930 ? report_bug+0x18e/0x1a0 ? handle_bug+0x54/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? unregister_netdevice_many_notify+0x8d9/0x930 ? bond_net_exit_batch_rtnl+0x5c/0x90 cleanup_net+0x237/0x3d0 process_one_work+0x163/0x390 worker_thread+0x293/0x3b0 ? __pfx_worker_thread+0x10/0x10 kthread+0xec/0x1e0 ? __pfx_kthread+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- CVE-2025-22105 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22105.html CVE-2025-22105 https://bugzilla.suse.com/1241548 SUSE Bug 1241548 In the Linux kernel, the following vulnerability has been resolved: vmxnet3: unregister xdp rxq info in the reset path vmxnet3 does not unregister xdp rxq info in the vmxnet3_reset_work() code path as vmxnet3_rq_destroy() is not invoked in this code path. So, we get below message with a backtrace. Missing unregister, handled but fix driver WARNING: CPU:48 PID: 500 at net/core/xdp.c:182 __xdp_rxq_info_reg+0x93/0xf0 This patch fixes the problem by moving the unregister code of XDP from vmxnet3_rq_destroy() to vmxnet3_rq_cleanup(). CVE-2025-22106 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22106.html CVE-2025-22106 https://bugzilla.suse.com/1241547 SUSE Bug 1241547 In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of bounds. - The memmove itself should move size - i - 1 elements, because the last element is out of bounds. The out-of-bounds element still remains out of bounds after being accessed, so the problem is only that we touch it, not that it becomes in active use. But I suppose it can lead to issues if the out-of-bounds element is part of an unmapped page. CVE-2025-22107 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22107.html CVE-2025-22107 https://bugzilla.suse.com/1241575 SUSE Bug 1241575 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Mask the bd_cnt field in the TX BD properly The bd_cnt field in the TX BD specifies the total number of BDs for the TX packet. The bd_cnt field has 5 bits and the maximum number supported is 32 with the value 0. CONFIG_MAX_SKB_FRAGS can be modified and the total number of SKB fragments can approach or exceed the maximum supported by the chip. Add a macro to properly mask the bd_cnt field so that the value 32 will be properly masked and set to 0 in the bd_cnd field. Without this patch, the out-of-range bd_cnt value will corrupt the TX BD and may cause TX timeout. The next patch will check for values exceeding 32. CVE-2025-22108 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22108.html CVE-2025-22108 https://bugzilla.suse.com/1241574 SUSE Bug 1241574 In the Linux kernel, the following vulnerability has been resolved: ax25: Remove broken autobind Binding AX25 socket by using the autobind feature leads to memory leaks in ax25_connect() and also refcount leaks in ax25_release(). Memory leak was detected with kmemleak: ================================================================ unreferenced object 0xffff8880253cd680 (size 96): backtrace: __kmalloc_node_track_caller_noprof (./include/linux/kmemleak.h:43) kmemdup_noprof (mm/util.c:136) ax25_rt_autobind (net/ax25/ax25_route.c:428) ax25_connect (net/ax25/af_ax25.c:1282) __sys_connect_file (net/socket.c:2045) __sys_connect (net/socket.c:2064) __x64_sys_connect (net/socket.c:2067) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) ================================================================ When socket is bound, refcounts must be incremented the way it is done in ax25_bind() and ax25_setsockopt() (SO_BINDTODEVICE). In case of autobind, the refcounts are not incremented. This bug leads to the following issue reported by Syzkaller: ================================================================ ax25_connect(): syz-executor318 uses autobind, please contact jreuter@yaina.de ------------[ cut here ]------------ refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 0 PID: 5317 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 Modules linked in: CPU: 0 UID: 0 PID: 5317 Comm: syz-executor318 Not tainted 6.14.0-rc4-syzkaller-00278-gece144f151ac #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 ... Call Trace: <TASK> __refcount_dec include/linux/refcount.h:336 [inline] refcount_dec include/linux/refcount.h:351 [inline] ref_tracker_free+0x6af/0x7e0 lib/ref_tracker.c:236 netdev_tracker_free include/linux/netdevice.h:4302 [inline] netdev_put include/linux/netdevice.h:4319 [inline] ax25_release+0x368/0x960 net/ax25/af_ax25.c:1080 __sock_release net/socket.c:647 [inline] sock_close+0xbc/0x240 net/socket.c:1398 __fput+0x3e9/0x9f0 fs/file_table.c:464 __do_sys_close fs/open.c:1580 [inline] __se_sys_close fs/open.c:1565 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1565 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> ================================================================ Considering the issues above and the comments left in the code that say: "check if we can remove this feature. It is broken."; "autobinding in this may or may not work"; - it is better to completely remove this feature than to fix it because it is broken and leads to various kinds of memory bugs. Now calling connect() without first binding socket will result in an error (-EINVAL). Userspace software that relies on the autobind feature might get broken. However, this feature does not seem widely used with this specific driver as it was not reliable at any point of time, and it is already broken anyway. E.g. ax25-tools and ax25-apps packages for popular distributions do not use the autobind feature for AF_AX25. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-22109 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22109.html CVE-2025-22109 https://bugzilla.suse.com/1241573 SUSE Bug 1241573 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after btrfs_make_block_group() adds it to the space_info with btrfs_add_bg_to_space_info(), but before creation is completely completed in btrfs_create_pending_block_groups(). As a result, it is possible for a block group to go unused and have 'btrfs_mark_bg_unused' called on it concurrently with 'btrfs_create_pending_block_groups'. This causes a number of issues, which were fixed with the block group flag 'BLOCK_GROUP_FLAG_NEW'. However, this fix is not quite complete. Since it does not use the unused_bg_lock, it is possible for the following race to occur: btrfs_create_pending_block_groups btrfs_mark_bg_unused if list_empty // false list_del_init clear_bit else if (test_bit) // true list_move_tail And we get into the exact same broken ref count and invalid new_bgs state for transaction cleanup that BLOCK_GROUP_FLAG_NEW was designed to prevent. The broken refcount aspect will result in a warning like: [1272.943527] refcount_t: underflow; use-after-free. [1272.943967] WARNING: CPU: 1 PID: 61 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110 [1272.944731] Modules linked in: btrfs virtio_net xor zstd_compress raid6_pq null_blk [last unloaded: btrfs] [1272.945550] CPU: 1 UID: 0 PID: 61 Comm: kworker/u32:1 Kdump: loaded Tainted: G W 6.14.0-rc5+ #108 [1272.946368] Tainted: [W]=WARN [1272.946585] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 [1272.947273] Workqueue: btrfs_discard btrfs_discard_workfn [btrfs] [1272.947788] RIP: 0010:refcount_warn_saturate+0xba/0x110 [1272.949532] RSP: 0018:ffffbf1200247df0 EFLAGS: 00010282 [1272.949901] RAX: 0000000000000000 RBX: ffffa14b00e3f800 RCX: 0000000000000000 [1272.950437] RDX: 0000000000000000 RSI: ffffbf1200247c78 RDI: 00000000ffffdfff [1272.950986] RBP: ffffa14b00dc2860 R08: 00000000ffffdfff R09: ffffffff90526268 [1272.951512] R10: ffffffff904762c0 R11: 0000000063666572 R12: ffffa14b00dc28c0 [1272.952024] R13: 0000000000000000 R14: ffffa14b00dc2868 R15: 000001285dcd12c0 [1272.952850] FS: 0000000000000000(0000) GS:ffffa14d33c40000(0000) knlGS:0000000000000000 [1272.953458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [1272.953931] CR2: 00007f838cbda000 CR3: 000000010104e000 CR4: 00000000000006f0 [1272.954474] Call Trace: [1272.954655] <TASK> [1272.954812] ? refcount_warn_saturate+0xba/0x110 [1272.955173] ? __warn.cold+0x93/0xd7 [1272.955487] ? refcount_warn_saturate+0xba/0x110 [1272.955816] ? report_bug+0xe7/0x120 [1272.956103] ? handle_bug+0x53/0x90 [1272.956424] ? exc_invalid_op+0x13/0x60 [1272.956700] ? asm_exc_invalid_op+0x16/0x20 [1272.957011] ? refcount_warn_saturate+0xba/0x110 [1272.957399] btrfs_discard_cancel_work.cold+0x26/0x2b [btrfs] [1272.957853] btrfs_put_block_group.cold+0x5d/0x8e [btrfs] [1272.958289] btrfs_discard_workfn+0x194/0x380 [btrfs] [1272.958729] process_one_work+0x130/0x290 [1272.959026] worker_thread+0x2ea/0x420 [1272.959335] ? __pfx_worker_thread+0x10/0x10 [1272.959644] kthread+0xd7/0x1c0 [1272.959872] ? __pfx_kthread+0x10/0x10 [1272.960172] ret_from_fork+0x30/0x50 [1272.960474] ? __pfx_kthread+0x10/0x10 [1272.960745] ret_from_fork_asm+0x1a/0x30 [1272.961035] </TASK> [1272.961238] ---[ end trace 0000000000000000 ]--- Though we have seen them in the async discard workfn as well. It is most likely to happen after a relocation finishes which cancels discard, tears down the block group, etc. Fix this fully by taking the lock arou ---truncated--- CVE-2025-22115 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22115.html CVE-2025-22115 https://bugzilla.suse.com/1241578 SUSE Bug 1241578 https://bugzilla.suse.com/1241579 SUSE Bug 1241579 In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will cause WARN_ON() on attempt to unregister it, if there was one, and there is no info for the user that the creation of the netdev failed. WARNING: CPU: 89 PID: 6902 at net/core/dev.c:11512 unregister_netdevice_many_notify+0x211/0x1a10 ... [ 3707.563641] unregister_netdev+0x1c/0x30 [ 3707.563656] idpf_vport_dealloc+0x5cf/0xce0 [idpf] [ 3707.563684] idpf_deinit_task+0xef/0x160 [idpf] [ 3707.563712] idpf_vc_core_deinit+0x84/0x320 [idpf] [ 3707.563739] idpf_remove+0xbf/0x780 [idpf] [ 3707.563769] pci_device_remove+0xab/0x1e0 [ 3707.563786] device_release_driver_internal+0x371/0x530 [ 3707.563803] driver_detach+0xbf/0x180 [ 3707.563816] bus_remove_driver+0x11b/0x2a0 [ 3707.563829] pci_unregister_driver+0x2a/0x250 Introduce an error check and log the vport number and error code. On removal make sure to check VPORT_REG_NETDEV flag prior to calling unregister and free on the netdev. Add local variables for idx, vport_config and netdev for readability. CVE-2025-22116 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22116.html CVE-2025-22116 https://bugzilla.suse.com/1241459 SUSE Bug 1241459 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed, which will cause cfg80211_dev_free to access the uninitialized wiphy_work related data. Move the initialization of wiphy_work to before rfkill initialization to avoid this issue. [1] INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 assign_lock_key kernel/locking/lockdep.c:983 [inline] register_lock_class+0xc39/0x1240 kernel/locking/lockdep.c:1297 __lock_acquire+0x135/0x3c40 kernel/locking/lockdep.c:5103 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 cfg80211_dev_free+0x30/0x3d0 net/wireless/core.c:1196 device_release+0xa1/0x240 drivers/base/core.c:2568 kobject_cleanup lib/kobject.c:689 [inline] kobject_release lib/kobject.c:720 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x1e4/0x5a0 lib/kobject.c:737 put_device+0x1f/0x30 drivers/base/core.c:3774 wiphy_free net/wireless/core.c:1224 [inline] wiphy_new_nm+0x1c1f/0x2160 net/wireless/core.c:562 ieee80211_alloc_hw_nm+0x1b7a/0x2260 net/mac80211/main.c:835 mac80211_hwsim_new_radio+0x1d6/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5185 hwsim_new_radio_nl+0xb42/0x12b0 drivers/net/wireless/virtual/mac80211_hwsim.c:6242 genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2533 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1882 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg net/socket.c:733 [inline] ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2627 __sys_sendmsg+0x16e/0x220 net/socket.c:2659 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 Close: https://syzkaller.appspot.com/bug?extid=aaf0488c83d1d5f4f029 CVE-2025-22119 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22119.html CVE-2025-22119 https://bugzilla.suse.com/1241576 SUSE Bug 1241576 https://bugzilla.suse.com/1241577 SUSE Bug 1241577 In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 CPU: 3 PID: 15172 Comm: syz-executor.0 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0xbe/0xfd lib/dump_stack.c:123 print_address_description.constprop.0+0x1e/0x280 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 ext4_xattr_inode_dec_ref_all+0x6ff/0x790 fs/ext4/xattr.c:1137 ext4_xattr_delete_inode+0x4c7/0xda0 fs/ext4/xattr.c:2896 ext4_evict_inode+0xb3b/0x1670 fs/ext4/inode.c:323 evict+0x39f/0x880 fs/inode.c:622 iput_final fs/inode.c:1746 [inline] iput fs/inode.c:1772 [inline] iput+0x525/0x6c0 fs/inode.c:1758 ext4_orphan_cleanup fs/ext4/super.c:3298 [inline] ext4_fill_super+0x8c57/0xba40 fs/ext4/super.c:5300 mount_bdev+0x355/0x410 fs/super.c:1446 legacy_get_tree+0xfe/0x220 fs/fs_context.c:611 vfs_get_tree+0x8d/0x2f0 fs/super.c:1576 do_new_mount fs/namespace.c:2983 [inline] path_mount+0x119a/0x1ad0 fs/namespace.c:3316 do_mount+0xfc/0x110 fs/namespace.c:3329 __do_sys_mount fs/namespace.c:3540 [inline] __se_sys_mount+0x219/0x2e0 fs/namespace.c:3514 do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Memory state around the buggy address: ffff88807b002f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff88807b002f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff88807b003000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff88807b003080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff88807b003100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Above issue happens as ext4_xattr_delete_inode() isn't check xattr is valid if xattr is in inode. To solve above issue call xattr_check_inode() check if xattr if valid in inode. In fact, we can directly verify in ext4_iget_extra_inode(), so that there is no divergent verification. CVE-2025-22121 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22121.html CVE-2025-22121 https://bugzilla.suse.com/1241593 SUSE Bug 1241593 In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k ------------------------------------------------------------------- | idle | md super | bm super [0] + bits | | bm bits[0, contd] | bm super[1] + bits | bm bits[1, contd] | | bm super[2] + bits | bm bits [2, contd] | bm super[3] + bits | | bm bits [3, contd] | | | So in node 1, pg_index in __write_sb_page() could equal to bitmap->storage.file_pages. Then bitmap_limit will be calculated to 0. md_super_write() will be called with 0 size. That means the first 4k sb area of node 1 will never be updated through filemap_write_page(). This bug causes hang of mdadm/clustermd_tests/01r1_Grow_resize. Here use (pg_index % bitmap->storage.file_pages) to make calculation of bitmap_limit correct. CVE-2025-22124 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22124.html CVE-2025-22124 https://bugzilla.suse.com/1241595 SUSE Bug 1241595 In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQ_IDLE is ignored. And turns out this behaviour exist since blk-wbt is introduced. Other than REQ_IDLE, other flags should not be ignored as well, for example REQ_META can be set for filesystems, clearing it can cause priority reverse problems; And REQ_NOWAIT should not be cleared as well, because io will wait instead of failing directly in underlying disks. Fix those problems by keep IO flags from master bio. Fises: f51d46d0e7cb ("md: add support for REQ_NOWAIT") CVE-2025-22125 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22125.html CVE-2025-22125 https://bugzilla.suse.com/1241596 SUSE Bug 1241596 In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing UAF: t1: spin_lock //list_for_each_entry_safe(mddev, n, ...) mddev_get(mddev1) // assume mddev2 is the next entry spin_unlock t2: //remove mddev2 ... mddev_free spin_lock list_del spin_unlock kfree(mddev2) mddev_put(mddev1) spin_lock //continue dereference mddev2->all_mddevs The old helper for_each_mddev() actually grab the reference of mddev2 while holding the lock, to prevent from being freed. This problem can be fixed the same way, however, the code will be complex. Hence switch to use list_for_each_entry, in this case mddev_put() can free the mddev1 and it's not safe as well. Refer to md_seq_show(), also factor out a helper mddev_put_locked() to fix this problem. CVE-2025-22126 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22126.html CVE-2025-22126 https://bugzilla.suse.com/1241597 SUSE Bug 1241597 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in ath12k_pci_msi_alloc(). This does no harm unless one of the functions requesting the IRQ fails and attempt to free the IRQ. This may end up with a warning from the IRQ core that is expecting the affinity hint to be cleared before freeing the IRQ: kernel/irq/manage.c: /* make sure affinity_hint is cleaned up */ if (WARN_ON_ONCE(desc->affinity_hint)) desc->affinity_hint = NULL; So to fix this issue, clear the IRQ affinity hint before calling ath12k_pci_free_irq() in the error path. The affinity will be cleared once again further down the error path due to code organization, but that does no harm. CVE-2025-22128 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-22128.html CVE-2025-22128 https://bugzilla.suse.com/1241598 SUSE Bug 1241598 A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache. CVE-2025-2312 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-2312.html CVE-2025-2312 https://bugzilla.suse.com/1239680 SUSE Bug 1239680 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocation of IRQ vectors in ath11k_pci_alloc_msi(). This does no harm unless one of the functions requesting the IRQ fails and attempt to free the IRQ. This results in the below warning: WARNING: CPU: 7 PID: 349 at kernel/irq/manage.c:1929 free_irq+0x278/0x29c Call trace: free_irq+0x278/0x29c ath11k_pcic_free_irq+0x70/0x10c [ath11k] ath11k_pci_probe+0x800/0x820 [ath11k_pci] local_pci_probe+0x40/0xbc The warning is due to not clearing the affinity hint before freeing the IRQs. So to fix this issue, clear the IRQ affinity hint before calling ath11k_pcic_free_irq() in the error path. The affinity will be cleared once again further down the error path due to code organization, but that does no harm. Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 CVE-2025-23129 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23129.html CVE-2025-23129 https://bugzilla.suse.com/1241599 SUSE Bug 1241599 In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be set. __dlm_new_lockspace, however, would treat that positive value as a success due to commit 8511a2728ab8 ("dlm: fix use count with multiple joins"). Down the line, device_create_lockspace would pass that NULL lockspace to dlm_find_lockspace_local, leading to a NULL pointer dereference. Treating such positive values as successes prevents the problem. Given this has been broken for so long, this is unlikely to break userspace expectations. CVE-2025-23131 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23131.html CVE-2025-23131 https://bugzilla.suse.com/1241601 SUSE Bug 1241601 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be processed according to the following steps: 1. update new channel list to cfg80211 and queue reg_work. 2. cfg80211 handles new channel list during reg_work. 3. update cfg80211's handled channel list to firmware by ath11k_reg_update_chan_list(). But ath11k will immediately execute step 3 after reg_work is just queued. Since step 2 is asynchronous, cfg80211 may not have completed handling the new channel list, which may leading to an out-of-bounds write error: BUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list Call Trace: ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k] kfree+0x109/0x3a0 ath11k_regd_update+0x1cf/0x350 [ath11k] ath11k_regd_update_work+0x14/0x20 [ath11k] process_one_work+0xe35/0x14c0 Should ensure step 2 is completely done before executing step 3. Thus Wen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set, cfg80211 will notify ath11k after step 2 is done. So enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will notify ath11k after step 2 is done. At this time, there will be no KASAN bug during the execution of the step 3. [1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/ Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 CVE-2025-23133 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23133.html CVE-2025-23133 https://bugzilla.suse.com/1241451 SUSE Bug 1241451 In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fixes: ] CVE-2025-23136 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23136.html CVE-2025-23136 https://bugzilla.suse.com/1241357 SUSE Bug 1241357 In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn can cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM. To remedy this, explicitly account for the pipe usage in watch_queue_set_size() to match the number set via account_pipe_buffers() (It's unclear why watch_queue_set_size() does not update nr_accounted; it may be due to intentional overprovisioning in watch_queue_set_size()?) CVE-2025-23138 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23138.html CVE-2025-23138 https://bugzilla.suse.com/1241648 SUSE Bug 1241648 In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), the pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs have been released. However, some requested IRQs remain unreleased, so there are still /proc/irq/* entries remaining, and this results in WARN() with the following message: remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0' WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c To solve this issue, set the number of remaining IRQs to test->num_irqs, and release IRQs in advance by calling pci_endpoint_test_release_irq(). [kwilczynski: commit log] CVE-2025-23140 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23140.html CVE-2025-23140 https://bugzilla.suse.com/1242763 SUSE Bug 1242763 In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP state will trigger a nested VM-Exit by way of ->check_nested_events(), and emuating the nested VM-Exit can access guest memory. The splat was originally hit by syzkaller on a Google-internal kernel, and reproduced on an upstream kernel by hacking the triple_fault_event_test selftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a memory access on VMX), and do vcpu_mp_state_get() to trigger the scenario. ============================= WARNING: suspicious RCU usage 6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted ----------------------------- include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by triple_fault_ev/1256: #0: ffff88810df5a330 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm] stack backtrace: CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x144/0x190 kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] read_and_check_msr_entry+0x2e/0x180 [kvm_intel] __nested_vmx_vmexit+0x550/0xde0 [kvm_intel] kvm_check_nested_events+0x1b/0x30 [kvm] kvm_apic_accept_events+0x33/0x100 [kvm] kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm] kvm_vcpu_ioctl+0x33e/0x9a0 [kvm] __x64_sys_ioctl+0x8b/0xb0 do_syscall_64+0x6c/0x170 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> CVE-2025-23141 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23141.html CVE-2025-23141 https://bugzilla.suse.com/1242782 SUSE Bug 1242782 In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination address, and then sctp_sendmsg_to_asoc() sets the selected transport in all the message chunks to be sent. There's a possible race condition if another thread triggers the removal of that selected transport, for instance, by explicitly unbinding an address with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have been set up and before the message is sent. This can happen if the send buffer is full, during the period when the sender thread temporarily releases the socket lock in sctp_wait_for_sndbuf(). This causes the access to the transport data in sctp_outq_select_transport(), when the association outqueue is flushed, to result in a use-after-free read. This change avoids this scenario by having sctp_transport_free() signal the freeing of the transport, tagging it as "dead". In order to do this, the patch restores the "dead" bit in struct sctp_transport, which was removed in commit 47faa1e4c50e ("sctp: remove the dead field of sctp_transport"). Then, in the scenario where the sender thread has released the socket lock in sctp_wait_for_sndbuf(), the bit is checked again after re-acquiring the socket lock to detect the deletion. This is done while holding a reference to the transport to prevent it from being freed in the process. If the transport was deleted while the socket lock was relinquished, sctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the send. The bug was found by a private syzbot instance (see the error report [1] and the C reproducer that triggers it [2]). CVE-2025-23142 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23142.html CVE-2025-23142 https://bugzilla.suse.com/1242760 SUSE Bug 1242760 In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARNING: CPU: 2 PID: 292 at drivers/leds/led-core.c:455 led_sysfs_enable+0x54/0x80 ... [ 142.500725] Call trace: [ 142.503176] led_sysfs_enable+0x54/0x80 (P) [ 142.507370] led_bl_remove+0x80/0xa8 [led_bl] [ 142.511742] platform_remove+0x30/0x58 [ 142.515501] device_remove+0x54/0x90 ... Indeed, led_sysfs_enable() has to be called with the led_access lock held. Hold the lock when calling led_sysfs_disable(). CVE-2025-23144 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23144.html CVE-2025-23144 https://bugzilla.suse.com/1242568 SUSE Bug 1242568 In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_accept_new_subflow (./net/mptcp/subflow.c:63 (discriminator 4)) (P) subflow_syn_recv_sock (./net/mptcp/subflow.c:854) tcp_check_req (./net/ipv4/tcp_minisocks.c:863) tcp_v4_rcv (./net/ipv4/tcp_ipv4.c:2268) ip_protocol_deliver_rcu (./net/ipv4/ip_input.c:207) ip_local_deliver_finish (./net/ipv4/ip_input.c:234) ip_local_deliver (./net/ipv4/ip_input.c:254) ip_rcv_finish (./net/ipv4/ip_input.c:449) ... According to the debug log, the same req received two SYN-ACK in a very short time, very likely because the client retransmits the syn ack due to multiple reasons. Even if the packets are transmitted with a relevant time interval, they can be processed by the server on different CPUs concurrently). The 'subflow_req->msk' ownership is transferred to the subflow the first, and there will be a risk of a null pointer dereference here. This patch fixes this issue by moving the 'subflow_req->msk' under the `own_req == true` conditional. Note that the !msk check in subflow_hmac_valid() can be dropped, because the same check already exists under the own_req mpj branch where the code has been moved to. CVE-2025-23145 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23145.html CVE-2025-23145 https://bugzilla.suse.com/1242596 SUSE Bug 1242596 https://bugzilla.suse.com/1242882 SUSE Bug 1242882 In the Linux kernel, the following vulnerability has been resolved: mfd: ene-kb3930: Fix a potential NULL pointer dereference The off_gpios could be NULL. Add missing check in the kb3930_probe(). This is similar to the issue fixed in commit b1ba8bcb2d1f ("backlight: hx8357: Fix potential NULL pointer dereference"). This was detected by our static analysis tool. CVE-2025-23146 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23146.html CVE-2025-23146 https://bugzilla.suse.com/1242559 SUSE Bug 1242559 In the Linux kernel, the following vulnerability has been resolved: i3c: Add NULL pointer check in i3c_master_queue_ibi() The I3C master driver may receive an IBI from a target device that has not been probed yet. In such cases, the master calls `i3c_master_queue_ibi()` to queue an IBI work task, leading to "Unable to handle kernel read from unreadable memory" and resulting in a kernel panic. Typical IBI handling flow: 1. The I3C master scans target devices and probes their respective drivers. 2. The target device driver calls `i3c_device_request_ibi()` to enable IBI and assigns `dev->ibi = ibi`. 3. The I3C master receives an IBI from the target device and calls `i3c_master_queue_ibi()` to queue the target device driver's IBI handler task. However, since target device events are asynchronous to the I3C probe sequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`, leading to a kernel panic. Add a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing an uninitialized `dev->ibi`, ensuring stability. CVE-2025-23147 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23147.html CVE-2025-23147 https://bugzilla.suse.com/1242530 SUSE Bug 1242530 In the Linux kernel, the following vulnerability has been resolved: soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() soc_dev_attr->revision could be NULL, thus, a pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool. CVE-2025-23148 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23148.html CVE-2025-23148 https://bugzilla.suse.com/1242578 SUSE Bug 1242578 In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious tpm_chip_start() call: [35985.503771] i2c i2c-1: Transfer while suspended [35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810 [35985.503802] Modules linked in: [35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f [35985.503814] Tainted: [W]=WARN [35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810 [35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5 [35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246 [35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000 [35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001 [35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820 [35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120 [35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000 [35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0 [35985.503855] Call Trace: [35985.503859] <TASK> [35985.503863] ? __warn+0xd4/0x260 [35985.503868] ? __i2c_transfer+0xbe/0x810 [35985.503874] ? report_bug+0xf3/0x210 [35985.503882] ? handle_bug+0x63/0xb0 [35985.503887] ? exc_invalid_op+0x16/0x50 [35985.503892] ? asm_exc_invalid_op+0x16/0x20 [35985.503904] ? __i2c_transfer+0xbe/0x810 [35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0 [35985.503920] tpm_cr50_i2c_read+0x8e/0x120 [35985.503928] tpm_cr50_request_locality+0x75/0x170 [35985.503935] tpm_chip_start+0x116/0x160 [35985.503942] tpm_try_get_ops+0x57/0x90 [35985.503948] tpm_find_get_ops+0x26/0xd0 [35985.503955] tpm_get_random+0x2d/0x80 Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in such a failure case. CVE-2025-23149 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23149.html CVE-2025-23149 https://bugzilla.suse.com/1242758 SUSE Bug 1242758 In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847 CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154 make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455 ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796 ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431 vfs_symlink+0x137/0x2e0 fs/namei.c:4615 do_symlinkat+0x222/0x3a0 fs/namei.c:4641 __do_sys_symlink fs/namei.c:4662 [inline] __se_sys_symlink fs/namei.c:4660 [inline] __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> The following loop is located right above 'if' statement. for (i = count-1; i >= 0; i--) { /* is more than half of this entry in 2nd half of the block? */ if (size + map[i].size/2 > blocksize/2) break; size += map[i].size; move++; } 'i' in this case could go down to -1, in which case sum of active entries wouldn't exceed half the block size, but previous behaviour would also do split in half if sum would exceed at the very last block, which in case of having too many long name files in a single block could lead to out-of-bounds access and following use-after-free. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-23150 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23150.html CVE-2025-23150 https://bugzilla.suse.com/1242513 SUSE Bug 1242513 In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race between unprepare and queue_buf A client driver may use mhi_unprepare_from_transfer() to quiesce incoming data during the client driver's tear down. The client driver might also be processing data at the same time, resulting in a call to mhi_queue_buf() which will invoke mhi_gen_tre(). If mhi_gen_tre() runs after mhi_unprepare_from_transfer() has torn down the channel, a panic will occur due to an invalid dereference leading to a page fault. This occurs because mhi_gen_tre() does not verify the channel state after locking it. Fix this by having mhi_gen_tre() confirm the channel state is valid, or return error to avoid accessing deinitialized data. [mani: added stable tag] CVE-2025-23151 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23151.html CVE-2025-23151 https://bugzilla.suse.com/1242512 SUSE Bug 1242512 In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: refactor hfi packet parsing logic words_count denotes the number of words in total payload, while data points to payload of various property within it. When words_count reaches last word, data can access memory beyond the total payload. This can lead to OOB access. With this patch, the utility api for handling individual properties now returns the size of data consumed. Accordingly remaining bytes are calculated before parsing the payload, thereby eliminates the OOB access possibilities. CVE-2025-23156 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23156.html CVE-2025-23156 https://bugzilla.suse.com/1242569 SUSE Bug 1242569 In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi_parser: add check to avoid out of bound access There is a possibility that init_codecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecs_count can get incremented to value more than MAX_CODEC_NUM, there can be OOB access. Reset the count so that it always starts from beginning. CVE-2025-23157 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23157.html CVE-2025-23157 https://bugzilla.suse.com/1242532 SUSE Bug 1242532 In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be bigger than the space actually available. Since new_wr_idx is not checked, so the following code will result in an OOB write. ... qsize = qhdr->q_size if (wr_idx >= rd_idx) empty_space = qsize - (wr_idx - rd_idx) .... if (new_wr_idx < qsize) { memcpy(wr_ptr, packet, dwords << 2) --> OOB write Add check to ensure qsize is within the allocated size while reading and writing packets into the queue. CVE-2025-23158 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23158.html CVE-2025-23158 https://bugzilla.suse.com/1242531 SUSE Bug 1242531 In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases. CVE-2025-23159 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23159.html CVE-2025-23159 https://bugzilla.suse.com/1242529 SUSE Bug 1242529 In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firmware structure fails during the firmware initialization. CVE-2025-23160 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23160.html CVE-2025-23160 https://bugzilla.suse.com/1242507 SUSE Bug 1242507 In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as the pci_lock. Make vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with interrupts disabled. This was reported as: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 Call Trace: rt_spin_lock+0x4e/0x130 vmd_pci_read+0x8d/0x100 [vmd] pci_user_read_config_byte+0x6f/0xe0 pci_read_config+0xfe/0x290 sysfs_kf_bin_read+0x68/0x90 [bigeasy: reword commit message] Tested-off-by: Luis Claudio R. Goncalves <lgoncalv@redhat.com> [kwilczynski: commit log] [bhelgaas: add back report info from https://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/] CVE-2025-23161 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-23161.html CVE-2025-23161 https://bugzilla.suse.com/1242792 SUSE Bug 1242792 In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is zero, it trigger a divide error when calculating the control page level in dbAllocAG. To avoid this issue, add a check for agwidth in dbAllocAG. CVE-2025-37740 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37740.html CVE-2025-37740 https://bugzilla.suse.com/1243006 SUSE Bug 1243006 In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. [1] When calling "ioctl$LOOP_SET_STATUS64", the offset value passed in is 4, which does not match the mounted loop device, causing the mapping of the mounted loop device to be invalidated. When creating the directory and creating the inode of iag in diReadSpecial(), read the page of fixed disk inode (AIT) in raw mode in read_metapage(), the metapage data it returns is corrupted, which causes the nlink value of 0 to be assigned to the iag inode when executing copy_from_dinode(), which ultimately causes a deadlock when entering diFree(). To avoid this, first check the nlink value of dinode before setting iag inode. [1] WARNING: possible recursive locking detected 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Not tainted -------------------------------------------- syz-executor301/5309 is trying to acquire lock: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889 but task is already holding lock: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&(imap->im_aglock[index])); lock(&(imap->im_aglock[index])); *** DEADLOCK *** May be due to missing lock nesting notation 5 locks held by syz-executor301/5309: #0: ffff8880422a4420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515 #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:850 [inline] #1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:4026 #2: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630 #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2460 [inline] #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline] #3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocAG+0x4b7/0x1e50 fs/jfs/jfs_imap.c:1669 #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline] #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline] #4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocAG+0x869/0x1e50 fs/jfs/jfs_imap.c:1669 stack backtrace: CPU: 0 UID: 0 PID: 5309 Comm: syz-executor301 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037 check_deadlock kernel/locking/lockdep.c:3089 [inline] validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __mutex_lock_common kernel/locking/mutex.c:608 [inline] __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752 diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889 jfs_evict_inode+0x32d/0x440 fs/jfs/inode.c:156 evict+0x4e8/0x9b0 fs/inode.c:725 diFreeSpecial fs/jfs/jfs_imap.c:552 [inline] duplicateIXtree+0x3c6/0x550 fs/jfs/jfs_imap.c:3022 diNewIAG fs/jfs/jfs_imap.c:2597 [inline] diAllocExt fs/jfs/jfs_imap.c:1905 [inline] diAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669 diAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdirat fs/namei.c:4295 [inline] __se_sys_mkdirat fs/namei.c:4293 [inline] __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293 do_syscall_x64 arch/x86/en ---truncated--- CVE-2025-37741 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37741.html CVE-2025-37741 https://bugzilla.suse.com/1243015 SUSE Bug 1243015 In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 hex_dump_to_buffer+0x888/0x1100 lib/hexdump.c:171 print_hex_dump+0x13d/0x3e0 lib/hexdump.c:276 diFree+0x5ba/0x4350 fs/jfs/jfs_imap.c:876 jfs_evict_inode+0x510/0x550 fs/jfs/inode.c:156 evict+0x723/0xd10 fs/inode.c:796 iput_final fs/inode.c:1946 [inline] iput+0x97b/0xdb0 fs/inode.c:1972 txUpdateMap+0xf3e/0x1150 fs/jfs/jfs_txnmgr.c:2367 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [inline] jfs_lazycommit+0x627/0x11d0 fs/jfs/jfs_txnmgr.c:2733 kthread+0x6b9/0xef0 kernel/kthread.c:464 ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Uninit was created at: slab_post_alloc_hook mm/slub.c:4121 [inline] slab_alloc_node mm/slub.c:4164 [inline] __kmalloc_cache_noprof+0x8e3/0xdf0 mm/slub.c:4320 kmalloc_noprof include/linux/slab.h:901 [inline] diMount+0x61/0x7f0 fs/jfs/jfs_imap.c:105 jfs_mount+0xa8e/0x11d0 fs/jfs/jfs_mount.c:176 jfs_fill_super+0xa47/0x17c0 fs/jfs/super.c:523 get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636 get_tree_bdev+0x37/0x50 fs/super.c:1659 jfs_get_tree+0x34/0x40 fs/jfs/super.c:635 vfs_get_tree+0xb1/0x5a0 fs/super.c:1814 do_new_mount+0x71f/0x15e0 fs/namespace.c:3560 path_mount+0x742/0x1f10 fs/namespace.c:3887 do_mount fs/namespace.c:3900 [inline] __do_sys_mount fs/namespace.c:4111 [inline] __se_sys_mount+0x71f/0x800 fs/namespace.c:4088 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4088 x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ===================================================== The reason is that imap is not properly initialized after memory allocation. It will cause the snprintf() function to write uninitialized data into linebuf within hex_dump_to_buffer(). Fix this by using kzalloc instead of kmalloc to clear its content at the beginning in diMount(). CVE-2025-37742 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37742.html CVE-2025-37742 https://bugzilla.suse.com/1243011 SUSE Bug 1243011 In the Linux kernel, the following vulnerability has been resolved: perf: Fix hang while freeing sigtrap event Perf can hang while freeing a sigtrap event if a related deferred signal hadn't managed to be sent before the file got closed: perf_event_overflow() task_work_add(perf_pending_task) fput() task_work_add(____fput()) task_work_run() ____fput() perf_release() perf_event_release_kernel() _free_event() perf_pending_task_sync() task_work_cancel() -> FAILED rcuwait_wait_event() Once task_work_run() is running, the list of pending callbacks is removed from the task_struct and from this point on task_work_cancel() can't remove any pending and not yet started work items, hence the task_work_cancel() failure and the hang on rcuwait_wait_event(). Task work could be changed to remove one work at a time, so a work running on the current task can always cancel a pending one, however the wait / wake design is still subject to inverted dependencies when remote targets are involved, as pictured by Oleg: T1 T2 fd = perf_event_open(pid => T2->pid); fd = perf_event_open(pid => T1->pid); close(fd) close(fd) <IRQ> <IRQ> perf_event_overflow() perf_event_overflow() task_work_add(perf_pending_task) task_work_add(perf_pending_task) </IRQ> </IRQ> fput() fput() task_work_add(____fput()) task_work_add(____fput()) task_work_run() task_work_run() ____fput() ____fput() perf_release() perf_release() perf_event_release_kernel() perf_event_release_kernel() _free_event() _free_event() perf_pending_task_sync() perf_pending_task_sync() rcuwait_wait_event() rcuwait_wait_event() Therefore the only option left is to acquire the event reference count upon queueing the perf task work and release it from the task work, just like it was done before 3a5465418f5f ("perf: Fix event leak upon exec and file release") but without the leaks it fixed. Some adjustments are necessary to make it work: * A child event might dereference its parent upon freeing. Care must be taken to release the parent last. * Some places assuming the event doesn't have any reference held and therefore can be freed right away must instead put the reference and let the reference counting to its job. CVE-2025-37747 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37747.html CVE-2025-37747 https://bugzilla.suse.com/1242520 SUSE Bug 1242520 In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register before the hw_list from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtk_iommu_device_group when hw_list is accessed with list_first_entry (not null safe). So, change the call order to ensure iommu_device_register is called after the driver data are initialized. CVE-2025-37748 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37748.html CVE-2025-37748 https://bugzilla.suse.com/1242523 SUSE Bug 1242523 In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0xffff8880371cdb96 } from the skb struct (trimmed) tail = 0x16, end = 0x140, head = 0xffff88803346f400 "4", data = 0xffff88803346f416 ":\377", truesize = 0x380, len = 0x0, data_len = 0x0, mac_len = 0xe, hdr_len = 0x0, it is not safe to access data[2]. [pabeni@redhat.com: fixed subj typo] CVE-2025-37749 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37749.html CVE-2025-37749 https://bugzilla.suse.com/1242859 SUSE Bug 1242859 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in decryption with multichannel After commit f7025d861694 ("smb: client: allocate crypto only for primary server") and commit b0abcd65ec54 ("smb: client: fix UAF in async decryption"), the channels started reusing AEAD TFM from primary channel to perform synchronous decryption, but that can't done as there could be multiple cifsd threads (one per channel) simultaneously accessing it to perform decryption. This fixes the following KASAN splat when running fstest generic/249 with 'vers=3.1.1,multichannel,max_channels=4,seal' against Windows Server 2022: BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xba/0x110 Read of size 8 at addr ffff8881046c18a0 by task cifsd/986 CPU: 3 UID: 0 PID: 986 Comm: cifsd Not tainted 6.15.0-rc1 #1 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 print_report+0x156/0x528 ? gf128mul_4k_lle+0xba/0x110 ? __virt_addr_valid+0x145/0x300 ? __phys_addr+0x46/0x90 ? gf128mul_4k_lle+0xba/0x110 kasan_report+0xdf/0x1a0 ? gf128mul_4k_lle+0xba/0x110 gf128mul_4k_lle+0xba/0x110 ghash_update+0x189/0x210 shash_ahash_update+0x295/0x370 ? __pfx_shash_ahash_update+0x10/0x10 ? __pfx_shash_ahash_update+0x10/0x10 ? __pfx_extract_iter_to_sg+0x10/0x10 ? ___kmalloc_large_node+0x10e/0x180 ? __asan_memset+0x23/0x50 crypto_ahash_update+0x3c/0xc0 gcm_hash_assoc_remain_continue+0x93/0xc0 crypt_message+0xe09/0xec0 [cifs] ? __pfx_crypt_message+0x10/0x10 [cifs] ? _raw_spin_unlock+0x23/0x40 ? __pfx_cifs_readv_from_socket+0x10/0x10 [cifs] decrypt_raw_data+0x229/0x380 [cifs] ? __pfx_decrypt_raw_data+0x10/0x10 [cifs] ? __pfx_cifs_read_iter_from_socket+0x10/0x10 [cifs] smb3_receive_transform+0x837/0xc80 [cifs] ? __pfx_smb3_receive_transform+0x10/0x10 [cifs] ? __pfx___might_resched+0x10/0x10 ? __pfx_smb3_is_transform_hdr+0x10/0x10 [cifs] cifs_demultiplex_thread+0x692/0x1570 [cifs] ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] ? rcu_is_watching+0x20/0x50 ? rcu_lockdep_current_cpu_online+0x62/0xb0 ? find_held_lock+0x32/0x90 ? kvm_sched_clock_read+0x11/0x20 ? local_clock_noinstr+0xd/0xd0 ? trace_irq_enable.constprop.0+0xa8/0xe0 ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] kthread+0x1fe/0x380 ? kthread+0x10f/0x380 ? __pfx_kthread+0x10/0x10 ? local_clock_noinstr+0xd/0xd0 ? ret_from_fork+0x1b/0x60 ? local_clock+0x15/0x30 ? lock_release+0x29b/0x390 ? rcu_is_watching+0x20/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CVE-2025-37750 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37750.html CVE-2025-37750 https://bugzilla.suse.com/1242510 SUSE Bug 1242510 In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da ("drm/i915/huc: track delayed HuC load with a fence"), is registered with object tracker early on driver probe but unregistered only from driver remove, which is not called on early probe errors. Since its memory is allocated under devres, then released anyway, it may happen to be allocated again to the fence and reused on future driver probes, resulting in kernel warnings that taint the kernel: <4> [309.731371] ------------[ cut here ]------------ <3> [309.731373] ODEBUG: init destroyed (active state 0) object: ffff88813d7dd2e0 object type: i915_sw_fence hint: sw_fence_dummy_notify+0x0/0x20 [i915] <4> [309.731575] WARNING: CPU: 2 PID: 3161 at lib/debugobjects.c:612 debug_print_object+0x93/0xf0 ... <4> [309.731693] CPU: 2 UID: 0 PID: 3161 Comm: i915_module_loa Tainted: G U 6.14.0-CI_DRM_16362-gf0fd77956987+ #1 ... <4> [309.731700] RIP: 0010:debug_print_object+0x93/0xf0 ... <4> [309.731728] Call Trace: <4> [309.731730] <TASK> ... <4> [309.731949] __debug_object_init+0x17b/0x1c0 <4> [309.731957] debug_object_init+0x34/0x50 <4> [309.732126] __i915_sw_fence_init+0x34/0x60 [i915] <4> [309.732256] intel_huc_init_early+0x4b/0x1d0 [i915] <4> [309.732468] intel_uc_init_early+0x61/0x680 [i915] <4> [309.732667] intel_gt_common_init_early+0x105/0x130 [i915] <4> [309.732804] intel_root_gt_init_early+0x63/0x80 [i915] <4> [309.732938] i915_driver_probe+0x1fa/0xeb0 [i915] <4> [309.733075] i915_pci_probe+0xe6/0x220 [i915] <4> [309.733198] local_pci_probe+0x44/0xb0 <4> [309.733203] pci_device_probe+0xf4/0x270 <4> [309.733209] really_probe+0xee/0x3c0 <4> [309.733215] __driver_probe_device+0x8c/0x180 <4> [309.733219] driver_probe_device+0x24/0xd0 <4> [309.733223] __driver_attach+0x10f/0x220 <4> [309.733230] bus_for_each_dev+0x7d/0xe0 <4> [309.733236] driver_attach+0x1e/0x30 <4> [309.733239] bus_add_driver+0x151/0x290 <4> [309.733244] driver_register+0x5e/0x130 <4> [309.733247] __pci_register_driver+0x7d/0x90 <4> [309.733251] i915_pci_register_driver+0x23/0x30 [i915] <4> [309.733413] i915_init+0x34/0x120 [i915] <4> [309.733655] do_one_initcall+0x62/0x3f0 <4> [309.733667] do_init_module+0x97/0x2a0 <4> [309.733671] load_module+0x25ff/0x2890 <4> [309.733688] init_module_from_file+0x97/0xe0 <4> [309.733701] idempotent_init_module+0x118/0x330 <4> [309.733711] __x64_sys_finit_module+0x77/0x100 <4> [309.733715] x64_sys_call+0x1f37/0x2650 <4> [309.733719] do_syscall_64+0x91/0x180 <4> [309.733763] entry_SYSCALL_64_after_hwframe+0x76/0x7e <4> [309.733792] </TASK> ... <4> [309.733806] ---[ end trace 0000000000000000 ]--- That scenario is most easily reproducible with igt@i915_module_load@reload-with-fault-injection. Fix the issue by moving the cleanup step to driver release path. (cherry picked from commit 795dbde92fe5c6996a02a5b579481de73035e7bf) CVE-2025-37754 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37754.html CVE-2025-37754 https://bugzilla.suse.com/1242524 SUSE Bug 1242524 In the Linux kernel, the following vulnerability has been resolved: net: libwx: handle page_pool_dev_alloc_pages error page_pool_dev_alloc_pages could return NULL. There was a WARN_ON(!page) but it would still proceed to use the NULL pointer and then crash. This is similar to commit 001ba0902046 ("net: fec: handle page_pool_dev_alloc_pages error"). This is found by our static analysis tool KNighter. CVE-2025-37755 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37755.html CVE-2025-37755 https://bugzilla.suse.com/1242506 SUSE Bug 1242506 In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does not check for this case, which can result in a NULL pointer dereference. Add NULL check after devm_ioremap() to prevent this issue. CVE-2025-37758 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37758.html CVE-2025-37758 https://bugzilla.suse.com/1242514 SUSE Bug 1242514 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttm_bo_delayed_delete oops Fix an oops in ttm_bo_delayed_delete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP CPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216 Hardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024 Workqueue: ttm ttm_bo_delayed_delete [ttm] RIP: 0010:dma_resv_iter_first_unlocked+0x55/0x290 Code: 31 f6 48 c7 c7 00 2b fa aa e8 97 bd 52 ff e8 a2 c1 53 00 5a 85 c0 74 48 e9 88 01 00 00 4c 89 63 20 4d 85 e4 0f 84 30 01 00 00 <41> 8b 44 24 10 c6 43 2c 01 48 89 df 89 43 28 e8 97 fd ff ff 4c 8b RSP: 0018:ffffbf9383473d60 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffffbf9383473d88 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffbf9383473d78 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 6b6b6b6b6b6b6b6b R13: ffffa003bbf78580 R14: ffffa003a6728040 R15: 00000000000383cc FS: 0000000000000000(0000) GS:ffffa00991c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000758348024dd0 CR3: 000000012c259000 CR4: 0000000000f50ef0 PKRU: 55555554 Call Trace: <TASK> ? __die_body.cold+0x19/0x26 ? die_addr+0x3d/0x70 ? exc_general_protection+0x159/0x460 ? asm_exc_general_protection+0x27/0x30 ? dma_resv_iter_first_unlocked+0x55/0x290 dma_resv_wait_timeout+0x56/0x100 ttm_bo_delayed_delete+0x69/0xb0 [ttm] process_one_work+0x217/0x5c0 worker_thread+0x1c8/0x3d0 ? apply_wqattrs_cleanup.part.0+0xc0/0xc0 kthread+0x10b/0x240 ? kthreads_online_cpu+0x140/0x140 ret_from_fork+0x40/0x70 ? kthreads_online_cpu+0x140/0x140 ret_from_fork_asm+0x11/0x20 </TASK> The cause of this is: - drm_prime_gem_destroy calls dma_buf_put(dma_buf) which releases the reference to the shared dma_buf. The reference count is 0, so the dma_buf is destroyed, which in turn decrements the corresponding amdgpu_bo reference count to 0, and the amdgpu_bo is destroyed - calling drm_gem_object_release then dma_resv_fini (which destroys the reservation object), then finally freeing the amdgpu_bo. - nouveau_bo obj->bo.base.resv is now a dangling pointer to the memory formerly allocated to the amdgpu_bo. - nouveau_gem_object_del calls ttm_bo_put(&nvbo->bo) which calls ttm_bo_release, which schedules ttm_bo_delayed_delete. - ttm_bo_delayed_delete runs and dereferences the dangling resv pointer, resulting in a general protection fault. Fix this by moving the drm_prime_gem_destroy call from nouveau_gem_object_del to nouveau_bo_del_ttm. This ensures that it will be run after ttm_bo_delayed_delete. CVE-2025-37765 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37765.html CVE-2025-37765 https://bugzilla.suse.com/1242761 SUSE Bug 1242761 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37766 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37766.html CVE-2025-37766 https://bugzilla.suse.com/1242785 SUSE Bug 1242785 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37767 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37767.html CVE-2025-37767 https://bugzilla.suse.com/1242501 SUSE Bug 1242501 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37768 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37768.html CVE-2025-37768 https://bugzilla.suse.com/1242567 SUSE Bug 1242567 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. (cherry picked from commit da7dc714a8f8e1c9fc33c57cd63583779a3bef71) CVE-2025-37769 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37769.html CVE-2025-37769 https://bugzilla.suse.com/1242587 SUSE Bug 1242587 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37770 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37770.html CVE-2025-37770 https://bugzilla.suse.com/1242764 SUSE Bug 1242764 In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37771 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37771.html CVE-2025-37771 https://bugzilla.suse.com/1242781 SUSE Bug 1242781 In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix workqueue crash in cma_netevent_work_handler struct rdma_cm_id has member "struct work_struct net_work" that is reused for enqueuing cma_netevent_work_handler()s onto cma_wq. Below crash[1] can occur if more than one call to cma_netevent_callback() occurs in quick succession, which further enqueues cma_netevent_work_handler()s for the same rdma_cm_id, overwriting any previously queued work-item(s) that was just scheduled to run i.e. there is no guarantee the queued work item may run between two successive calls to cma_netevent_callback() and the 2nd INIT_WORK would overwrite the 1st work item (for the same rdma_cm_id), despite grabbing id_table_lock during enqueue. Also drgn analysis [2] indicates the work item was likely overwritten. Fix this by moving the INIT_WORK() to __rdma_create_id(), so that it doesn't race with any existing queue_work() or its worker thread. [1] Trimmed crash stack: ============================================= BUG: kernel NULL pointer dereference, address: 0000000000000008 kworker/u256:6 ... 6.12.0-0... Workqueue: cma_netevent_work_handler [rdma_cm] (rdma_cm) RIP: 0010:process_one_work+0xba/0x31a Call Trace: worker_thread+0x266/0x3a0 kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 ============================================= [2] drgn crash analysis: >>> trace = prog.crashed_thread().stack_trace() >>> trace (0) crash_setup_regs (./arch/x86/include/asm/kexec.h:111:15) (1) __crash_kexec (kernel/crash_core.c:122:4) (2) panic (kernel/panic.c:399:3) (3) oops_end (arch/x86/kernel/dumpstack.c:382:3) ... (8) process_one_work (kernel/workqueue.c:3168:2) (9) process_scheduled_works (kernel/workqueue.c:3310:3) (10) worker_thread (kernel/workqueue.c:3391:4) (11) kthread (kernel/kthread.c:389:9) Line workqueue.c:3168 for this kernel version is in process_one_work(): 3168 strscpy(worker->desc, pwq->wq->name, WORKER_DESC_LEN); >>> trace[8]["work"] *(struct work_struct *)0xffff92577d0a21d8 = { .data = (atomic_long_t){ .counter = (s64)536870912, <=== Note }, .entry = (struct list_head){ .next = (struct list_head *)0xffff924d075924c0, .prev = (struct list_head *)0xffff924d075924c0, }, .func = (work_func_t)cma_netevent_work_handler+0x0 = 0xffffffffc2cec280, } Suspicion is that pwq is NULL: >>> trace[8]["pwq"] (struct pool_workqueue *)<absent> In process_one_work(), pwq is assigned from: struct pool_workqueue *pwq = get_work_pwq(work); and get_work_pwq() is: static struct pool_workqueue *get_work_pwq(struct work_struct *work) { unsigned long data = atomic_long_read(&work->data); if (data & WORK_STRUCT_PWQ) return work_struct_pwq(data); else return NULL; } WORK_STRUCT_PWQ is 0x4: >>> print(repr(prog['WORK_STRUCT_PWQ'])) Object(prog, 'enum work_flags', value=4) But work->data is 536870912 which is 0x20000000. So, get_work_pwq() returns NULL and we crash in process_one_work(): 3168 strscpy(worker->desc, pwq->wq->name, WORKER_DESC_LEN); ============================================= CVE-2025-37772 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37772.html CVE-2025-37772 https://bugzilla.suse.com/1242563 SUSE Bug 1242563 In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be added. CVE-2025-37773 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37773.html CVE-2025-37773 https://bugzilla.suse.com/1242502 SUSE Bug 1242502 In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1] The handle_bytes value passed in by the reproducing program is equal to 12. In handle_to_path(), only 12 bytes of memory are allocated for the structure file_handle->f_handle member, which causes an out-of-bounds access when accessing the member parent_block of the structure isofs_fid in isofs, because accessing parent_block requires at least 16 bytes of f_handle. Here, fh_len is used to indirectly confirm that the value of handle_bytes is greater than 3 before accessing parent_block. [1] BUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183 Read of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466 CPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x198/0x550 mm/kasan/report.c:521 kasan_report+0xd8/0x138 mm/kasan/report.c:634 __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380 isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183 exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523 do_handle_to_path+0xa0/0x198 fs/fhandle.c:257 handle_to_path fs/fhandle.c:385 [inline] do_handle_open+0x8cc/0xb8c fs/fhandle.c:403 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline] __se_sys_open_by_handle_at fs/fhandle.c:434 [inline] __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Allocated by task 6466: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306 kmalloc_noprof include/linux/slab.h:905 [inline] handle_to_path fs/fhandle.c:357 [inline] do_handle_open+0x5a4/0xb8c fs/fhandle.c:403 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline] __se_sys_open_by_handle_at fs/fhandle.c:434 [inline] __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 CVE-2025-37780 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37780.html CVE-2025-37780 https://bugzilla.suse.com/1242786 SUSE Bug 1242786 In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference. That can also be reproduced by unbinding the controller driver and then loading i2c-cros-ec-tunnel module (or binding the device). [ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 271.998215] #PF: supervisor read access in kernel mode [ 272.003351] #PF: error_code(0x0000) - not-present page [ 272.008485] PGD 0 P4D 0 [ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI [ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5 [ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC [ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021 [ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel] [ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9 [ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282 [ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000 [ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00 [ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000 [ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000 [ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10 [ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000 [ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0 [ 272.129155] Call Trace: [ 272.131606] <TASK> [ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110 [ 272.137985] platform_probe+0x69/0xa0 [ 272.141652] really_probe+0x152/0x310 [ 272.145318] __driver_probe_device+0x77/0x110 [ 272.149678] driver_probe_device+0x1e/0x190 [ 272.153864] __driver_attach+0x10b/0x1e0 [ 272.157790] ? driver_attach+0x20/0x20 [ 272.161542] bus_for_each_dev+0x107/0x150 [ 272.165553] bus_add_driver+0x15d/0x270 [ 272.169392] driver_register+0x65/0x110 [ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698] [ 272.182617] do_one_initcall+0x110/0x350 [ 272.186543] ? security_kernfs_init_security+0x49/0xd0 [ 272.191682] ? __kernfs_new_node+0x1b9/0x240 [ 272.195954] ? security_kernfs_init_security+0x49/0xd0 [ 272.201093] ? __kernfs_new_node+0x1b9/0x240 [ 272.205365] ? kernfs_link_sibling+0x105/0x130 [ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0 [ 272.214773] ? kernfs_activate+0x57/0x70 [ 272.218699] ? kernfs_add_one+0x118/0x160 [ 272.222710] ? __kernfs_create_file+0x71/0xa0 [ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110 [ 272.232033] ? internal_create_group+0x453/0x4a0 [ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0 [ 272.241355] ? __free_frozen_pages+0x1dc/0x420 [ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0 [ 272.250505] ? load_module+0x1509/0x16f0 [ 272.254431] do_init_module+0x60/0x230 [ 272.258181] __se_sys_finit_module+0x27a/0x370 [ 272.262627] do_syscall_64+0x6a/0xf0 [ 272.266206] ? do_syscall_64+0x76/0xf0 [ 272.269956] ? irqentry_exit_to_user_mode+0x79/0x90 [ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 272.279887] RIP: 0033:0x7b9309168d39 [ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8 [ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000 ---truncated--- CVE-2025-37781 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37781.html CVE-2025-37781 https://bugzilla.suse.com/1242575 SUSE Bug 1242575 In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Syzbot reported an issue in hfs subsystem: BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 memcpy_from_page include/linux/highmem.h:423 [inline] hfs_bnode_read fs/hfs/bnode.c:35 [inline] hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159 hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdir fs/namei.c:4300 [inline] __se_sys_mkdir fs/namei.c:4298 [inline] __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbdd6057a99 Add a check for key length in hfs_bnode_read_key to prevent out-of-bounds memory access. If the key length is invalid, the key buffer is cleared, improving stability and reliability. CVE-2025-37782 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37782.html CVE-2025-37782 https://bugzilla.suse.com/1242770 SUSE Bug 1242770 In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted directory is removed). ext4_empty_dir() assumes every ext4 directory contains at least '.' and '..' as directory entries in the first data block. It first loads the '.' dir entry, performs sanity checks by calling ext4_check_dir_entry() and then uses its rec_len member to compute the location of '..' dir entry (in ext4_next_entry). It assumes the '..' dir entry fits into the same data block. If the rec_len of '.' is precisely one block (4KB), it slips through the sanity checks (it is considered the last directory entry in the data block) and leaves "struct ext4_dir_entry_2 *de" point exactly past the memory slot allocated to the data block. The following call to ext4_check_dir_entry() on new value of de then dereferences this pointer which results in out-of-bounds mem access. Fix this by extending __ext4_check_dir_entry() to check for '.' dir entries that reach the end of data block. Make sure to ignore the phony dir entries for checksum (by checking name_len for non-zero). Note: This is reported by KASAN as use-after-free in case another structure was recently freed from the slot past the bound, but it is really an OOB read. This issue was found by syzkaller tool. Call Trace: [ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710 [ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375 [ 38.595158] [ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1 [ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 38.595304] Call Trace: [ 38.595308] <TASK> [ 38.595311] dump_stack_lvl+0xa7/0xd0 [ 38.595325] print_address_description.constprop.0+0x2c/0x3f0 [ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595349] print_report+0xaa/0x250 [ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595368] ? kasan_addr_to_slab+0x9/0x90 [ 38.595378] kasan_report+0xab/0xe0 [ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710 [ 38.595400] __ext4_check_dir_entry+0x67e/0x710 [ 38.595410] ext4_empty_dir+0x465/0x990 [ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10 [ 38.595432] ext4_rmdir.part.0+0x29a/0xd10 [ 38.595441] ? __dquot_initialize+0x2a7/0xbf0 [ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10 [ 38.595464] ? __pfx___dquot_initialize+0x10/0x10 [ 38.595478] ? down_write+0xdb/0x140 [ 38.595487] ? __pfx_down_write+0x10/0x10 [ 38.595497] ext4_rmdir+0xee/0x140 [ 38.595506] vfs_rmdir+0x209/0x670 [ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190 [ 38.595529] do_rmdir+0x363/0x3c0 [ 38.595537] ? __pfx_do_rmdir+0x10/0x10 [ 38.595544] ? strncpy_from_user+0x1ff/0x2e0 [ 38.595561] __x64_sys_unlinkat+0xf0/0x130 [ 38.595570] do_syscall_64+0x5b/0x180 [ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2025-37785 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37785.html CVE-2025-37785 https://bugzilla.suse.com/1241640 SUSE Bug 1241640 https://bugzilla.suse.com/1241698 SUSE Bug 1241698 In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver: https://lore.kernel.org/netdev/Z_lRkMlTJ1KQ0kVX@shell.armlinux.org.uk/ The crash seems to be in devlink_region_destroy(), which is not NULL tolerant but is given a NULL devlink global region pointer. At least on some chips, some devlink regions are conditionally registered since the blamed commit, see mv88e6xxx_setup_devlink_regions_global(): if (cond && !cond(chip)) continue; These are MV88E6XXX_REGION_STU and MV88E6XXX_REGION_PVT. If the chip does not have an STU or PVT, it should crash like this. To fix the issue, avoid unregistering those regions which are NULL, i.e. were skipped at mv88e6xxx_setup_devlink_regions_global() time. CVE-2025-37787 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37787.html CVE-2025-37787 https://bugzilla.suse.com/1242585 SUSE Bug 1242585 In the Linux kernel, the following vulnerability has been resolved: cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path In the for loop used to allocate the loc_array and bmap for each port, a memory leak is possible when the allocation for loc_array succeeds, but the allocation for bmap fails. This is because when the control flow goes to the label free_eth_finfo, only the allocations starting from (i-1)th iteration are freed. Fix that by freeing the loc_array in the bmap allocation error path. CVE-2025-37788 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37788.html CVE-2025-37788 https://bugzilla.suse.com/1242766 SUSE Bug 1242766 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. CVE-2025-37789 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37789.html CVE-2025-37789 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup. CVE-2025-37790 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37790.html CVE-2025-37790 https://bugzilla.suse.com/1242509 SUSE Bug 1242509 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file then the error code is not set correctly. It results in an error pointer vs NULL bug, followed by a NULL pointer dereference. This was detected by Smatch: drivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR' CVE-2025-37792 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37792.html CVE-2025-37792 https://bugzilla.suse.com/1242591 SUSE Bug 1242591 In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, avs_component_probe() does not check for this case, which results in a NULL pointer dereference. CVE-2025-37793 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37793.html CVE-2025-37793 https://bugzilla.suse.com/1242584 SUSE Bug 1242584 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Purge vif txq in ieee80211_do_stop() After ieee80211_do_stop() SKB from vif's txq could still be processed. Indeed another concurrent vif schedule_and_wake_txq call could cause those packets to be dequeued (see ieee80211_handle_wake_tx_queue()) without checking the sdata current state. Because vif.drv_priv is now cleared in this function, this could lead to driver crash. For example in ath12k, ahvif is store in vif.drv_priv. Thus if ath12k_mac_op_tx() is called after ieee80211_do_stop(), ahvif->ah can be NULL, leading the ath12k_warn(ahvif->ah,...) call in this function to trigger the NULL deref below. Unable to handle kernel paging request at virtual address dfffffc000000001 KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] batman_adv: bat0: Interface deactivated: brbh1337 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfffffc000000001] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] SMP CPU: 1 UID: 0 PID: 978 Comm: lbd Not tainted 6.13.0-g633f875b8f1e #114 Hardware name: HW (DT) pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] lr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k] sp : ffffffc086ace450 x29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4 x26: ffffff801d05f7c0 x25: 0000000000000000 x24: 000000004000001e x23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0 x20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958 x17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8 x14: ffffff801d05f83c x13: 0000000000000000 x12: ffffffb003a0bf03 x11: 0000000000000000 x10: ffffffb003a0bf02 x9 : ffffff8034a19f40 x8 : ffffff801d05f818 x7 : 1ffffff0069433dc x6 : ffffff8034a19ee0 x5 : ffffff801d05f7f0 x4 : 0000000000000000 x3 : 0000000000000001 x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000008 Call trace: ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P) ieee80211_handle_wake_tx_queue+0x16c/0x260 ieee80211_queue_skb+0xeec/0x1d20 ieee80211_tx+0x200/0x2c8 ieee80211_xmit+0x22c/0x338 __ieee80211_subif_start_xmit+0x7e8/0xc60 ieee80211_subif_start_xmit+0xc4/0xee0 __ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0 ieee80211_subif_start_xmit_8023+0x124/0x488 dev_hard_start_xmit+0x160/0x5a8 __dev_queue_xmit+0x6f8/0x3120 br_dev_queue_push_xmit+0x120/0x4a8 __br_forward+0xe4/0x2b0 deliver_clone+0x5c/0xd0 br_flood+0x398/0x580 br_dev_xmit+0x454/0x9f8 dev_hard_start_xmit+0x160/0x5a8 __dev_queue_xmit+0x6f8/0x3120 ip6_finish_output2+0xc28/0x1b60 __ip6_finish_output+0x38c/0x638 ip6_output+0x1b4/0x338 ip6_local_out+0x7c/0xa8 ip6_send_skb+0x7c/0x1b0 ip6_push_pending_frames+0x94/0xd0 rawv6_sendmsg+0x1a98/0x2898 inet_sendmsg+0x94/0xe0 __sys_sendto+0x1e4/0x308 __arm64_sys_sendto+0xc4/0x140 do_el0_svc+0x110/0x280 el0_svc+0x20/0x60 el0t_64_sync_handler+0x104/0x138 el0t_64_sync+0x154/0x158 To avoid that, empty vif's txq at ieee80211_do_stop() so no packet could be dequeued after ieee80211_do_stop() (new packets cannot be queued because SDATA_STATE_RUNNING is cleared at this point). CVE-2025-37794 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37794.html CVE-2025-37794 https://bugzilla.suse.com/1242566 SUSE Bug 1242566 In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field of the freed object to put the USB device. This may also lead to a memory leak of the usb device. Fix this by using udev from interface. CVE-2025-37796 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37796.html CVE-2025-37796 https://bugzilla.suse.com/1242727 SUSE Bug 1242727 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied. CVE-2025-37797 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37797.html CVE-2025-37797 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue(). CVE-2025-37798 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37798.html CVE-2025-37798 https://bugzilla.suse.com/1242414 SUSE Bug 1242414 In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's service load- balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP backend service where the XDP LB was doing IPIP encap led to overly large packet sizes but only for *some* of the packets (e.g. HTTP GET request) while others (e.g. the prior TCP 3WHS) looked completely fine on the wire. In fact, the pcap recording on the backend node actually revealed that the node with the XDP LB was leaking uninitialized kernel data onto the wire for the affected packets, for example, while the packets should have been 152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes was padded with whatever other data was in that page at the time (e.g. we saw user/payload data from prior processed packets). We only noticed this through an MTU issue, e.g. when the XDP LB node and the backend node both had the same MTU (e.g. 1500) then the curl request got dropped on the backend node's NIC given the packet was too large even though the IPIP-encapped packet normally would never even come close to the MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let the curl request succeed (which also indicates that the kernel ignored the padding, and thus the issue wasn't very user-visible). Commit e127ce7699c1 ("vmxnet3: Fix missing reserved tailroom") was too eager to also switch xdp_prepare_buff() from rcd->len to rbi->len. It really needs to stick to rcd->len which is the actual packet length from the descriptor. The latter we also feed into vmxnet3_process_xdp_small(), by the way, and it indicates the correct length needed to initialize the xdp->{data,data_end} parts. For e127ce7699c1 ("vmxnet3: Fix missing reserved tailroom") the relevant part was adapting xdp_init_buff() to address the warning given the xdp_data_hard_end() depends on xdp->frame_sz. With that fixed, traffic on the wire looks good again. CVE-2025-37799 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37799.html CVE-2025-37799 https://bugzilla.suse.com/1242283 SUSE Bug 1242283 In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. CVE-2025-37803 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37803.html CVE-2025-37803 https://bugzilla.suse.com/1242852 SUSE Bug 1242852 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-37804 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37804.html CVE-2025-37804 https://bugzilla.suse.com/1242854 SUSE Bug 1242854 In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... [ 8.713282][ T221] Call trace: [ 8.713365][ T221] __flush_work+0x8d0/0x914 [ 8.713468][ T221] __cancel_work_sync+0xac/0xfc [ 8.713570][ T221] cancel_work_sync+0x24/0x34 [ 8.713667][ T221] virtsnd_remove+0xa8/0xf8 [virtio_snd ab15f34d0dd772f6d11327e08a81d46dc9c36276] [ 8.713868][ T221] virtsnd_probe+0x48c/0x664 [virtio_snd ab15f34d0dd772f6d11327e08a81d46dc9c36276] [ 8.714035][ T221] virtio_dev_probe+0x28c/0x390 [ 8.714139][ T221] really_probe+0x1bc/0x4c8 ... It seems we're hitting the error path in virtsnd_probe(), which triggers a virtsnd_remove() which iterates over the substreams calling cancel_work_sync() on the elapsed_period work_struct. Looking at the code, from earlier in: virtsnd_probe()->virtsnd_build_devs()->virtsnd_pcm_parse_cfg() We set snd->nsubstreams, allocate the snd->substreams, and if we then hit an error on the info allocation or something in virtsnd_ctl_query_info() fails, we will exit without having initialized the elapsed_period work_struct. When that error path unwinds we then call virtsnd_remove() which as long as the substreams array is allocated, will iterate through calling cancel_work_sync() on the uninitialized work struct hitting this warning. Takashi Iwai suggested this fix, which initializes the substreams structure right after allocation, so that if we hit the error paths we avoid trying to cleanup uninitialized data. Note: I have not yet managed to reproduce the issue myself, so this patch has had limited testing. Feedback or thoughts would be appreciated! CVE-2025-37805 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37805.html CVE-2025-37805 https://bugzilla.suse.com/1242930 SUSE Bug 1242930 In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. The same mutex protects both the device pointers and the partner device registration. CVE-2025-37809 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37809.html CVE-2025-37809 https://bugzilla.suse.com/1242856 SUSE Bug 1242856 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Call trace: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34 CVE-2025-37810 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37810.html CVE-2025-37810 https://bugzilla.suse.com/1242906 SUSE Bug 1242906 In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT the deadlock can be readily triggered by heavy network traffic, for example using "iperf --bidir" over NCM ethernet link. The deadlock occurs because the threaded interrupt handler gets preempted by a softirq, but both are protected by the same spinlock. Prevent deadlock by disabling softirq during threaded irq handler. CVE-2025-37812 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37812.html CVE-2025-37812 https://bugzilla.suse.com/1242908 SUSE Bug 1242908 In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and storing the current interrupt state before handling the interrupt request using generic_handle_irq. A previous fix patch was submitted where 'generic_handle_irq' was replaced with 'handle_nested_irq'. However, this change also causes the kernel panic where after determining which GPIO triggered the interrupt and attempting to call handle_nested_irq with the mapped IRQ number, leads to a failure in locating the registered handler. CVE-2025-37815 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37815.html CVE-2025-37815 https://bugzilla.suse.com/1242871 SUSE Bug 1242871 In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci subsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime during a PCI host bridge probe. But, the call back is wrongly marked as __init, causing it to be freed, while being registered with the PCI subsystem and could trigger: Unable to handle kernel paging request at virtual address ffff8000816c0400 gicv2m_get_fwnode+0x0/0x58 (P) pci_set_bus_msi_domain+0x74/0x88 pci_register_host_bridge+0x194/0x548 This is easily reproducible on a Juno board with ACPI boot. Retain the function for later use. CVE-2025-37819 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37819.html CVE-2025-37819 https://bugzilla.suse.com/1242873 SUSE Bug 1242873 In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it fails to correctly convert the XDP buffer into an XDP frame due to memory constraints, internal errors, or invalid data. Failing to check for NULL may lead to a NULL pointer dereference if the result is used later in processing, potentially causing crashes, data corruption, or undefined behavior. On XDP redirect failure, the associated page must be released explicitly if it was previously retained via get_page(). Failing to do so may result in a memory leak, as the pages reference count is not decremented. CVE-2025-37820 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37820.html CVE-2025-37820 https://bugzilla.suse.com/1242866 SUSE Bug 1242866 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. CVE-2025-37823 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37823.html CVE-2025-37823 https://bugzilla.suse.com/1242924 SUSE Bug 1242924 In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: events tipc_net_finalize_work RIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719 ... RSP: 0018:ffffc9000356fb68 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba RDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010 RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007 R13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010 FS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> tipc_net_finalize+0x10b/0x180 net/tipc/net.c:140 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> ... RIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719 ... RSP: 0018:ffffc9000356fb68 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba RDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010 RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007 R13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010 FS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 There is a racing condition between workqueue created when enabling bearer and another thread created when disabling bearer right after that as follow: enabling_bearer | disabling_bearer --------------- | ---------------- tipc_disc_timeout() | { | bearer_disable() ... | { schedule_work(&tn->work); | tipc_mon_delete() ... | { } | ... | write_lock_bh(&mon->lock); | mon->self = NULL; | write_unlock_bh(&mon->lock); | ... | } tipc_net_finalize_work() | } { | ... | tipc_net_finalize() | { | ... | tipc_mon_reinit_self() | { | ... | write_lock_bh(&mon->lock); | mon->self->addr = tipc_own_addr(net); | write_unlock_bh(&mon->lock); | ... ---truncated--- CVE-2025-37824 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37824.html CVE-2025-37824 https://bugzilla.suse.com/1242867 SUSE Bug 1242867 In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scpi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. CVE-2025-37829 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37829.html CVE-2025-37829 https://bugzilla.suse.com/1242875 SUSE Bug 1242875 In the Linux kernel, the following vulnerability has been resolved: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. scmi_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. Add NULL check after cpufreq_cpu_get_raw() to prevent this issue. CVE-2025-37830 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37830.html CVE-2025-37830 https://bugzilla.suse.com/1242860 SUSE Bug 1242860 In the Linux kernel, the following vulnerability has been resolved: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not present in the policy->cpus mask. apple_soc_cpufreq_get_rate() does not check for this case, which results in a NULL pointer dereference. CVE-2025-37831 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37831.html CVE-2025-37831 https://bugzilla.suse.com/1242861 SUSE Bug 1242861 In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writes to other registers are not sufficient to prevent the fatal trap, however the value does not appear to matter. This only needs to happen once after power up, so simply rebooting into a kernel lacking this fix will NOT cause the trap. NON-RESUMABLE ERROR: Reporting on cpu 64 NON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0> NON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff NON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000] NON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff] NON-RESUMABLE ERROR: type [precise nonresumable] NON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv > NON-RESUMABLE ERROR: raddr [0xffffffffffffffff] NON-RESUMABLE ERROR: insn effective address [0x000000c50020000c] NON-RESUMABLE ERROR: size [0x8] NON-RESUMABLE ERROR: asi [0x00] CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63 Workqueue: events work_for_cpu_fn TSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted TPC: <msix_prepare_msi_desc+0x90/0xa0> g0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100 g4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000 o0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620 o4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128 RPC: <__pci_enable_msix_range+0x3cc/0x460> l0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020 l4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734 i0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d i4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0 I7: <niu_try_msix.constprop.0+0xc0/0x130 [niu]> Call Trace: [<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu] [<000000001018f840>] niu_get_invariants+0x183c/0x207c [niu] [<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu] [<00000000005ef3e4>] local_pci_probe+0x28/0x74 [<0000000000469240>] work_for_cpu_fn+0x8/0x1c [<000000000046b008>] process_scheduled_works+0x144/0x210 [<000000000046b518>] worker_thread+0x13c/0x1c0 [<00000000004710e0>] kthread+0xb8/0xc8 [<00000000004060c8>] ret_from_fork+0x1c/0x2c [<0000000000000000>] 0x0 Kernel panic - not syncing: Non-resumable error. CVE-2025-37833 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37833.html CVE-2025-37833 https://bugzilla.suse.com/1242868 SUSE Bug 1242868 In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge() If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register(). Found by code review. [bhelgaas: squash Dan Carpenter's double free fix from https://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain] CVE-2025-37836 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37836.html CVE-2025-37836 https://bugzilla.suse.com/1242957 SUSE Bug 1242957 In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 (which is set a few lines above). Furthermore 0 is a valid transaction ID so the check can spuriously trigger. Remove the invalid WARN_ON. CVE-2025-37839 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37839.html CVE-2025-37839 https://bugzilla.suse.com/1242990 SUSE Bug 1242990 In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: brcmnand: fix PM resume warning Fixed warning on PM resume as shown below caused due to uninitialized struct nand_operation that checks chip select field : WARN_ON(op->cs >= nanddev_ntargets(&chip->base) [ 14.588522] ------------[ cut here ]------------ [ 14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8 [ 14.588553] Modules linked in: bdc udc_core [ 14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G W 6.14.0-rc4-g5394eea10651 #16 [ 14.588590] Tainted: [W]=WARN [ 14.588593] Hardware name: Broadcom STB (Flattened Device Tree) [ 14.588598] Call trace: [ 14.588604] dump_backtrace from show_stack+0x18/0x1c [ 14.588622] r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c [ 14.588625] show_stack from dump_stack_lvl+0x70/0x7c [ 14.588639] dump_stack_lvl from dump_stack+0x18/0x1c [ 14.588653] r5:c08d40b0 r4:c1003cb0 [ 14.588656] dump_stack from __warn+0x84/0xe4 [ 14.588668] __warn from warn_slowpath_fmt+0x18c/0x194 [ 14.588678] r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000 [ 14.588681] warn_slowpath_fmt from nand_reset_op+0x1e0/0x1f8 [ 14.588695] r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048 [ 14.588697] nand_reset_op from brcmnand_resume+0x13c/0x150 [ 14.588714] r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040 [ 14.588717] brcmnand_resume from platform_pm_resume+0x34/0x54 [ 14.588735] r5:00000010 r4:c0840a50 [ 14.588738] platform_pm_resume from dpm_run_callback+0x5c/0x14c [ 14.588757] dpm_run_callback from device_resume+0xc0/0x324 [ 14.588776] r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010 [ 14.588779] device_resume from dpm_resume+0x130/0x160 [ 14.588799] r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0 [ 14.588802] dpm_resume from dpm_resume_end+0x14/0x20 [ 14.588822] r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414 [ 14.588826] r4:00000010 [ 14.588828] dpm_resume_end from suspend_devices_and_enter+0x274/0x6f8 [ 14.588848] r5:c228a414 r4:00000000 [ 14.588851] suspend_devices_and_enter from pm_suspend+0x228/0x2bc [ 14.588868] r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000 [ 14.588871] r4:00000003 [ 14.588874] pm_suspend from state_store+0x74/0xd0 [ 14.588889] r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003 [ 14.588892] state_store from kobj_attr_store+0x1c/0x28 [ 14.588913] r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250 [ 14.588916] kobj_attr_store from sysfs_kf_write+0x40/0x4c [ 14.588936] r5:c3502900 r4:c0d92a48 [ 14.588939] sysfs_kf_write from kernfs_fop_write_iter+0x104/0x1f0 [ 14.588956] r5:c3502900 r4:c3501f40 [ 14.588960] kernfs_fop_write_iter from vfs_write+0x250/0x420 [ 14.588980] r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00 [ 14.588983] r4:c042a88c [ 14.588987] vfs_write from ksys_write+0x74/0xe4 [ 14.589005] r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00 [ 14.589008] r4:c34f7f00 [ 14.589011] ksys_write from sys_write+0x10/0x14 [ 14.589029] r7:00000004 r6:004421c0 r5:00443398 r4:00000004 [ 14.589032] sys_write from ret_fast_syscall+0x0/0x5c [ 14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0) [ 14.589050] 9fa0: 00000004 00443398 00000004 00443398 00000004 00000001 [ 14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78 [ 14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8 [ 14.589065] ---[ end trace 0000000000000000 ]--- The fix uses the higher level nand_reset(chip, chipnr); where chipnr = 0, when doing PM resume operation in compliance with the controller support for single die nand chip. Switching from nand_reset_op() to nan ---truncated--- CVE-2025-37840 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37840.html CVE-2025-37840 https://bugzilla.suse.com/1242953 SUSE Bug 1242953 In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference. CVE-2025-37841 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37841.html CVE-2025-37841 https://bugzilla.suse.com/1242974 SUSE Bug 1242974 In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kernel panic. Drop the remove function and use devm_add_action_or_reset() for driver cleanup to ensure the release sequence. Trigger kernel panic on i.MX8MQ by echo 30bb0000.spi >/sys/bus/platform/drivers/fsl-quadspi/unbind CVE-2025-37842 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37842.html CVE-2025-37842 https://bugzilla.suse.com/1242951 SUSE Bug 1242951 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised. Note only does this leak the corresponding memory when the vCPU is destroyed but it can also lead to use-after-free if the redistributor device handling tries to walk into the vCPU. Add the missing cleanup to kvm_arch_vcpu_create(), ensuring that the vGIC vCPU structures are destroyed on error. CVE-2025-37849 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37849.html CVE-2025-37849 https://bugzilla.suse.com/1243000 SUSE Bug 1243000 In the Linux kernel, the following vulnerability has been resolved: pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() With CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a divide-by-zero in the following line: do_div(resolution, clk_get_rate(pc->clk_pwms[pwm->hwpwm])); due to the fact that the !CONFIG_HAVE_CLK version of clk_get_rate() returns zero. This is presumably just a theoretical problem: COMPILE_TEST overrides the dependency on RALINK which would select COMMON_CLK. Regardless it's a good idea to check for the error explicitly to avoid divide-by-zero. Fixes the following warning: drivers/pwm/pwm-mediatek.o: warning: objtool: .text: unexpected end of section [ukleinek: s/CONFIG_CLK/CONFIG_HAVE_CLK/] CVE-2025-37850 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37850.html CVE-2025-37850 https://bugzilla.suse.com/1242955 SUSE Bug 1242955 In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current state of the code it cannot take this value so it's not a real problem. For the purposes of defensive coding it wouldn't be superfluous to check the parameter value, because some functions down the call stack process this value correctly and some not. For example, in dispc_ovl_setup_global_alpha it may lead to buffer overflow. Add check for this value. Found by Linux Verification Center (linuxtesting.org) with SVACE static analysis tool. CVE-2025-37851 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37851.html CVE-2025-37851 https://bugzilla.suse.com/1242977 SUSE Bug 1242977 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent null pointer dereference. [v1]->[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr. CVE-2025-37852 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37852.html CVE-2025-37852 https://bugzilla.suse.com/1243074 SUSE Bug 1243074 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: debugfs hang_hws skip GPU with MES debugfs hang_hws is used by GPU reset test with HWS, for MES this crash the kernel with NULL pointer access because dqm->packet_mgr is not setup for MES path. Skip GPU with MES for now, MES hang_hws debugfs interface will be supported later. CVE-2025-37853 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37853.html CVE-2025-37853 https://bugzilla.suse.com/1243076 SUSE Bug 1243076 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory before h/w is reset while KFD cleanup worker free system memory and free VRAM. There is use-after-free race bug that KFD allocate and reuse the freed system memory, and user queue write to the same system memory to corrupt the data structure and cause driver crash. To fix this race, KFD cleanup worker terminate user queues, then flush reset_domain wq to wait for any GPU ongoing reset complete, and then free outstanding BOs. CVE-2025-37854 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37854.html CVE-2025-37854 https://bugzilla.suse.com/1243082 SUSE Bug 1243082 In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing. On 32-bit architectures: - Left-shifting 1 by 32+ bits results in 0 due to integer overflow - This creates invalid AG sizes (0 or garbage values) in sbi->bmap->db_agsize - Subsequent block allocations would reference invalid AG structures - Could lead to: - Filesystem corruption during extend operations - Kernel crashes due to invalid memory accesses - Security vulnerabilities via malformed on-disk structures Fix by casting to s64 before shifting: bmp->db_agsize = (s64)1 << l2agsize; This ensures 64-bit arithmetic even on 32-bit architectures. The cast matches the data type of db_agsize (s64) and follows similar patterns in JFS block calculation code. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37858 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37858.html CVE-2025-37858 https://bugzilla.suse.com/1243049 SUSE Bug 1243049 In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size() or _segs() at this point. Move those netif calls to ef100_probe_netdev(), and also replace netif_err within the design params code with pci_err. CVE-2025-37860 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37860.html CVE-2025-37860 https://bugzilla.suse.com/1241452 SUSE Bug 1241452 In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Silence oversized kvmalloc() warning syzkaller triggered an oversized kvmalloc() warning. Silence it by adding __GFP_NOWARN. syzkaller log: WARNING: CPU: 7 PID: 518 at mm/util.c:665 __kvmalloc_node_noprof+0x175/0x180 CPU: 7 UID: 0 PID: 518 Comm: c_repro Not tainted 6.11.0-rc6+ #6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:__kvmalloc_node_noprof+0x175/0x180 RSP: 0018:ffffc90001e67c10 EFLAGS: 00010246 RAX: 0000000000000100 RBX: 0000000000000400 RCX: ffffffff8149d46b RDX: 0000000000000000 RSI: ffff8881030fae80 RDI: 0000000000000002 RBP: 000000712c800000 R08: 0000000000000100 R09: 0000000000000000 R10: ffffc90001e67c10 R11: 0030ae0601000000 R12: 0000000000000000 R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000000 FS: 00007fde79159740(0000) GS:ffff88813bdc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000180 CR3: 0000000105eb4005 CR4: 00000000003706b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ib_umem_odp_get+0x1f6/0x390 mlx5_ib_reg_user_mr+0x1e8/0x450 ib_uverbs_reg_mr+0x28b/0x440 ib_uverbs_write+0x7d3/0xa30 vfs_write+0x1ac/0x6c0 ksys_write+0x134/0x170 ? __sanitizer_cov_trace_pc+0x1c/0x50 do_syscall_64+0x50/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2025-37867 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37867.html CVE-2025-37867 https://bugzilla.suse.com/1242948 SUSE Bug 1242948 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a hang when a register write is made. [How] When enable_stream is hit, check if link training failed. If it did, fall back to the ref clock to avoid a hang and keep the system in a recoverable state. CVE-2025-37870 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37870.html CVE-2025-37870 https://bugzilla.suse.com/1243056 SUSE Bug 1243056 In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nfs4_lockowner_has_blockers locks_owner_has_blockers spin_lock // flctx->flc_lock nfsd_break_deleg_cb nfsd_break_one_deleg nfs4_put_stid refcount_dec_and_lock spin_lock // clp->cl_lock When a file is opened, an nfs4_delegation is allocated with sc_count initialized to 1, and the file_lease holds a reference to the delegation. The file_lease is then associated with the file through kernel_setlease. The disassociation is performed in nfsd4_delegreturn via the following call chain: nfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg --> nfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease The corresponding sc_count reference will be released after this disassociation. Since nfsd_break_one_deleg executes while holding the flc_lock, the disassociation process becomes blocked when attempting to acquire flc_lock in generic_delete_lease. This means: 1) sc_count in nfsd_break_one_deleg will not be decremented to 0; 2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to acquire cl_lock; 3) Consequently, no deadlock condition is created. Given that sc_count in nfsd_break_one_deleg remains non-zero, we can safely perform refcount_dec on sc_count directly. This approach effectively avoids triggering deadlock warnings. CVE-2025-37871 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37871.html CVE-2025-37871 https://bugzilla.suse.com/1242949 SUSE Bug 1242949 In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix missing ring index trim on error path Commit under Fixes converted tx_prod to be free running but missed masking it on the Tx error path. This crashes on error conditions, for example when DMA mapping fails. CVE-2025-37873 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37873.html CVE-2025-37873 https://bugzilla.suse.com/1242961 SUSE Bug 1242961 In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle is triggered results in unreliable PTM operation. To fix this, clear the PTM 'trigger' and status after each PTM transaction. The issue can be reproduced with the following: $ sudo phc2sys -R 1000 -O 0 -i tsn0 -m Note: 1000 Hz (-R 1000) is unrealistically large, but provides a way to quickly reproduce the issue. PHC2SYS exits with: "ioctl PTP_OFFSET_PRECISE: Connection timed out" when the PTM transaction fails This patch also fixes a hang in igc_probe() when loading the igc driver in the kdump kernel on systems supporting PTM. The igc driver running in the base kernel enables PTM trigger in igc_probe(). Therefore the driver is always in PTM trigger mode, except in brief periods when manually triggering a PTM cycle. When a crash occurs, the NIC is reset while PTM trigger is enabled. Due to a hardware problem, the NIC is subsequently in a bad busmaster state and doesn't handle register reads/writes. When running igc_probe() in the kdump kernel, the first register access to a NIC register hangs driver probing and ultimately breaks kdump. With this patch, igc has PTM trigger disabled most of the time, and the trigger is only enabled for very brief (10 - 100 us) periods when manually triggering a PTM cycle. Chances that a crash occurs during a PTM trigger are not 0, but extremely reduced. CVE-2025-37875 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37875.html CVE-2025-37875 https://bugzilla.suse.com/1242959 SUSE Bug 1242959 In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. Make variables unsigned to avoid this problem. The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bogus RWRITE count (4294967295 > 3) CVE-2025-37879 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37879.html CVE-2025-37879 https://bugzilla.suse.com/1243077 SUSE Bug 1243077 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c"). This issue is found by our static analysis tool CVE-2025-37881 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37881.html CVE-2025-37881 https://bugzilla.suse.com/1242973 SUSE Bug 1242973 In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait loop has given up. There was a case where a slow development firmware caused the adminq request to time out, but then later the FW finally finished the request and sent the interrupt. The handler tried to complete_all() the completion context that had been created on the stack in pdsc_adminq_post() but no longer existed. This caused bad pointer usage, kernel crashes, and much wailing and gnashing of teeth. CVE-2025-37886 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37886.html CVE-2025-37886 https://bugzilla.suse.com/1242944 SUSE Bug 1242944 In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink command. This happens because the stack variable fw_list is not 0 initialized which results in fw_list.num_fw_slots being a garbage value from the stack. Then the driver tries to access fw_list.fw_names[i] with i >= ARRAY_SIZE and runs off the end of the array. Fix this by initializing the fw_list and by not failing completely if the devcmd fails because other useful information is printed via devlink dev info even if the devcmd fails. CVE-2025-37887 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37887.html CVE-2025-37887 https://bugzilla.suse.com/1242962 SUSE Bug 1242962 In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates. There are two ways the platform_max could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as snd_soc_limit_volume() also used the register interpretation. However, even then most of the other usages treated platform_max as a control value, and snd_soc_limit_volume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating snd_soc_put_volsw() back to the control interpretation, and fixing snd_soc_info_volsw_range(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platform_max. Finally, also add some comments to the soc_mixer_control struct to hopefully avoid further patches switching between the two approaches. CVE-2025-37889 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37889.html CVE-2025-37889 https://bugzilla.suse.com/1242945 SUSE Bug 1242945 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ CVE-2025-37890 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37890.html CVE-2025-37890 https://bugzilla.suse.com/1243330 SUSE Bug 1243330 In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was supposed to be the max size for a MIDI1 UMP packet data. However, the implementation overlooked that SysEx is handled in a different format, and it can be up to 6 bytes, as found in do_convert_to_ump(). It leads eventually to a buffer overflow, and may corrupt the memory when a longer SysEx message is received. The fix is simply to extend the buffer size to 6 to fit with the SysEx UMP message. CVE-2025-37891 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37891.html CVE-2025-37891 https://bugzilla.suse.com/1243589 SUSE Bug 1243589 In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_read_oob() fails. CVE-2025-37892 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37892.html CVE-2025-37892 https://bugzilla.suse.com/1243536 SUSE Bug 1243536 In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release plfxlc_mac_release() asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used when probe fails or after the device is disconnected. In both cases mac->lock can not be held as the driver is not working with the device at the moment. All functions that use mac->lock unlock it just after it was held. There is also no need to hold mac->lock for plfxlc_mac_release() itself, as mac data is not affected, except for mac->flags, which is modified atomically. This bug leads to the following warning: ================================================================ WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0 Modules linked in: CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: usb_hub_wq hub_event RIP: 0010:plfxlc_mac_release+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106 Call Trace: <TASK> probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694 usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785 driver_probe_device+0x50/0x420 drivers/base/dd.c:815 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429 __device_attach+0x359/0x570 drivers/base/dd.c:1015 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489 device_add+0xb48/0xfd0 drivers/base/core.c:3696 usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165 usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238 usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293 really_probe+0x2ab/0xcb0 drivers/base/dd.c:639 __driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785 driver_probe_device+0x50/0x420 drivers/base/dd.c:815 __device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943 bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429 __device_attach+0x359/0x570 drivers/base/dd.c:1015 bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489 device_add+0xb48/0xfd0 drivers/base/core.c:3696 usb_new_device+0xbdd/0x18f0 drivers/usb/core/hub.c:2620 hub_port_connect drivers/usb/core/hub.c:5477 [inline] hub_port_connect_change drivers/usb/core/hub.c:5617 [inline] port_event drivers/usb/core/hub.c:5773 [inline] hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5855 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439 kthread+0x28d/0x320 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> ================================================================ Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-37897 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37897.html CVE-2025-37897 https://bugzilla.suse.com/1243534 SUSE Bug 1243534 In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that a NULL pointer should be rejected prior to dereferencing it: https://lore.kernel.org/all/86881827-8E2D-461C-BDA3-FA8FD14C343C@nvidia.com And Alok pointed out a typo at the same time: https://lore.kernel.org/all/480536af-6830-43ce-a327-adbd13dc3f1d@oracle.com Since both issues were copied from iommu_copy_struct_from_user(), fix them first in the current header. CVE-2025-37900 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37900.html CVE-2025-37900 https://bugzilla.suse.com/1243560 SUSE Bug 1243560 In the Linux kernel, the following vulnerability has been resolved: irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not have a corresponding MPM pin and should not be handled inside the MPM driver. The IRQ domain hierarchy is always applied, so it's required to explicitly disconnect the hierarchy for those. The pinctrl-msm driver marks these with GPIO_NO_WAKE_IRQ. qcom-pdc has a check for this, but irq-qcom-mpm is currently missing the check. This is causing crashes when setting up interrupts for non-wake GPIOs: root@rb1:~# gpiomon -c gpiochip1 10 irq: IRQ159: trimming hierarchy from :soc@0:interrupt-controller@f200000-1 Unable to handle kernel paging request at virtual address ffff8000a1dc3820 Hardware name: Qualcomm Technologies, Inc. Robotics RB1 (DT) pc : mpm_set_type+0x80/0xcc lr : mpm_set_type+0x5c/0xcc Call trace: mpm_set_type+0x80/0xcc (P) qcom_mpm_set_type+0x64/0x158 irq_chip_set_type_parent+0x20/0x38 msm_gpio_irq_set_type+0x50/0x530 __irq_set_trigger+0x60/0x184 __setup_irq+0x304/0x6bc request_threaded_irq+0xc8/0x19c edge_detector_setup+0x260/0x364 linereq_create+0x420/0x5a8 gpio_ioctl+0x2d4/0x6c0 Fix this by copying the check for GPIO_NO_WAKE_IRQ from qcom-pdc.c, so that MPM is removed entirely from the hierarchy for non-wake GPIOs. CVE-2025-37901 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37901.html CVE-2025-37901 https://bugzilla.suse.com/1243559 SUSE Bug 1243559 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] ---truncated--- CVE-2025-37903 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37903.html CVE-2025-37903 https://bugzilla.suse.com/1243562 SUSE Bug 1243562 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this, in turns, inhibits the call of the provided release methods upon devices destruction. As a consequence, one of the structures that is not freed properly upon destruction is the internal struct device_private dev->p populated by the drivers subsystem core. KMemleak detects this situation since loading/unloding some SCMI driver causes related devices to be created/destroyed without calling any device_release method. unreferenced object 0xffff00000f583800 (size 512): comm "insmod", pid 227, jiffies 4294912190 hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 60 36 1d 8a 00 80 ff ff ........`6...... backtrace (crc 114e2eed): kmemleak_alloc+0xbc/0xd8 __kmalloc_cache_noprof+0x2dc/0x398 device_add+0x954/0x12d0 device_register+0x28/0x40 __scmi_device_create.part.0+0x1bc/0x380 scmi_device_create+0x2d0/0x390 scmi_create_protocol_devices+0x74/0xf8 scmi_device_request_notifier+0x1f8/0x2a8 notifier_call_chain+0x110/0x3b0 blocking_notifier_call_chain+0x70/0xb0 scmi_driver_register+0x350/0x7f0 0xffff80000a3b3038 do_one_initcall+0x12c/0x730 do_init_module+0x1dc/0x640 load_module+0x4b20/0x5b70 init_module_from_file+0xec/0x158 $ ./scripts/faddr2line ./vmlinux device_add+0x954/0x12d0 device_add+0x954/0x12d0: kmalloc_noprof at include/linux/slab.h:901 (inlined by) kzalloc_noprof at include/linux/slab.h:1037 (inlined by) device_private_init at drivers/base/core.c:3510 (inlined by) device_add at drivers/base/core.c:3561 Balance device refcount by issuing a put_device() on devices found via device_find_child(). CVE-2025-37905 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37905.html CVE-2025-37905 https://bugzilla.suse.com/1243456 SUSE Bug 1243456 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45): __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] ethtool_get_dump_data+0xdc/0x1a0 __dev_ethtool+0xa1e/0x1af0 dev_ethtool+0xa8/0x170 dev_ioctl+0x1b5/0x580 sock_do_ioctl+0xab/0xf0 sock_ioctl+0x1ce/0x2e0 __x64_sys_ioctl+0x87/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x78/0x80 ... This happens when copying the coredump segment list in bnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command. The info->dest_buf buffer is allocated based on the number of coredump segments returned by the FW. The segment list is then DMA'ed by the FW and the length of the DMA is returned by FW. The driver then copies this DMA'ed segment list to info->dest_buf. In some cases, this DMA length may exceed the info->dest_buf length and cause the above BUG condition. Fix it by capping the copy length to not exceed the length of info->dest_buf. The extra DMA data contains no useful information. This code path is shared for the HWRM_DBG_COREDUMP_LIST and the HWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different for these 2 FW commands. To simplify the logic, we need to move the line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE up, so that the new check to cap the copy length will work for both commands. CVE-2025-37911 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37911.html CVE-2025-37911 https://bugzilla.suse.com/1243469 SUSE Bug 1243469 In the Linux kernel, the following vulnerability has been resolved: ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() As mentioned in the commit baeb705fd6a7 ("ice: always check VF VSI pointer values"), we need to perform a null pointer check on the return value of ice_get_vf_vsi() before using it. CVE-2025-37912 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37912.html CVE-2025-37912 https://bugzilla.suse.com/1243470 SUSE Bug 1243470 In the Linux kernel, the following vulnerability has been resolved: net_sched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. This patch checks whether the class was already added to the agg->active list (cl_is_active) before doing the addition to cater for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ CVE-2025-37913 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37913.html CVE-2025-37913 https://bugzilla.suse.com/1243471 SUSE Bug 1243471 In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before doing the addition to cater for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ CVE-2025-37914 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37914.html CVE-2025-37914 https://bugzilla.suse.com/1243472 SUSE Bug 1243472 In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before adding to the list to cover for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/ CVE-2025-37915 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37915.html CVE-2025-37915 https://bugzilla.suse.com/1243473 SUSE Bug 1243473 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() A NULL pointer dereference can occur in skb_dequeue() when processing a QCA firmware crash dump on WCN7851 (0489:e0f3). [ 93.672166] Bluetooth: hci0: ACL memdump size(589824) [ 93.672475] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 93.672517] Workqueue: hci0 hci_devcd_rx [bluetooth] [ 93.672598] RIP: 0010:skb_dequeue+0x50/0x80 The issue stems from handle_dump_pkt_qca() returning 0 even when a dump packet is successfully processed. This is because it incorrectly forwards the return value of hci_devcd_init() (which returns 0 on success). As a result, the caller (btusb_recv_acl_qca() or btusb_recv_evt_qca()) assumes the packet was not handled and passes it to hci_recv_frame(), leading to premature kfree() of the skb. Later, hci_devcd_rx() attempts to dequeue the same skb from the dump queue, resulting in a NULL pointer dereference. Fix this by: 1. Making handle_dump_pkt_qca() return 0 on success and negative errno on failure, consistent with kernel conventions. 2. Splitting dump packet detection into separate functions for ACL and event packets for better structure and readability. This ensures dump packets are properly identified and consumed, avoiding double handling and preventing NULL pointer access. CVE-2025-37918 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37918.html CVE-2025-37918 https://bugzilla.suse.com/1243476 SUSE Bug 1243476 In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted 6.12.0-rc4-syzkaller-00085-g4e46774408d9 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 RIP: 0010:clear_inode+0x168/0x190 Code: 4c 89 f7 e8 ba fe e5 ff e9 61 ff ff ff 44 89 f1 80 e1 07 80 c1 03 38 c1 7c c1 4c 89 f7 e8 90 ff e5 ff eb b7 0b e8 01 5d 7f ff 90 0f 0b e8 f9 5c 7f ff 90 0f 0b e8 f1 5c 7f RSP: 0018:ffffc900027dfae8 EFLAGS: 00010093 RAX: ffffffff82157a87 RBX: 0000000000000001 RCX: ffff888104d4b980 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc900027dfc90 R08: ffffffff82157977 R09: fffff520004fbf38 R10: dffffc0000000000 R11: fffff520004fbf38 R12: dffffc0000000000 R13: ffff88811315bc00 R14: ffff88811315bda8 R15: ffff88811315bb80 FS: 0000000000000000(0000) GS:ffff888135f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005565222e0578 CR3: 0000000026ef0000 CR4: 00000000000006f0 Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? clear_inode+0x168/0x190 ? do_error_trap+0x1dc/0x2c0 ? clear_inode+0x168/0x190 ? __pfx_do_error_trap+0x10/0x10 ? report_bug+0x3cd/0x500 ? handle_invalid_op+0x34/0x40 ? clear_inode+0x168/0x190 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? clear_inode+0x57/0x190 ? clear_inode+0x167/0x190 ? clear_inode+0x168/0x190 ? clear_inode+0x167/0x190 jfs_evict_inode+0xb5/0x440 ? __pfx_jfs_evict_inode+0x10/0x10 evict+0x4ea/0x9b0 ? __pfx_evict+0x10/0x10 ? iput+0x713/0xa50 txUpdateMap+0x931/0xb10 ? __pfx_txUpdateMap+0x10/0x10 jfs_lazycommit+0x49a/0xb80 ? _raw_spin_unlock_irqrestore+0x8f/0x140 ? lockdep_hardirqs_on+0x99/0x150 ? __pfx_jfs_lazycommit+0x10/0x10 ? __pfx_default_wake_function+0x10/0x10 ? __kthread_parkme+0x169/0x1d0 ? __pfx_jfs_lazycommit+0x10/0x10 kthread+0x2f2/0x390 ? __pfx_jfs_lazycommit+0x10/0x10 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x4d/0x80 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> This happens when 'clear_inode()' makes an attempt to finalize an underlying JFS inode of unknown type. According to JFS layout description from https://jfs.sourceforge.net/project/pub/jfslayout.pdf, inode types from 5 to 15 are reserved for future extensions and should not be encountered on a valid filesystem. So add an extra check for valid inode type in 'copy_from_dinode()'. CVE-2025-37925 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37925.html CVE-2025-37925 https://bugzilla.suse.com/1241654 SUSE Bug 1241654 In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. CVE-2025-37928 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37928.html CVE-2025-37928 https://bugzilla.suse.com/1243621 SUSE Bug 1243621 In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Commit a5951389e58d ("arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists") added some additional CPUs to the Spectre-BHB workaround, including some new arrays for designs that require new 'k' values for the workaround to be effective. Unfortunately, the new arrays omitted the sentinel entry and so is_midr_in_range_list() will walk off the end when it doesn't find a match. With UBSAN enabled, this leads to a crash during boot when is_midr_in_range_list() is inlined (which was more common prior to c8c2647e69be ("arm64: Make _midr_in_range_list() an exported function")): | Internal error: aarch64 BRK: 00000000f2000001 [#1] PREEMPT SMP | pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : spectre_bhb_loop_affected+0x28/0x30 | lr : is_spectre_bhb_affected+0x170/0x190 | [...] | Call trace: | spectre_bhb_loop_affected+0x28/0x30 | update_cpu_capabilities+0xc0/0x184 | init_cpu_features+0x188/0x1a4 | cpuinfo_store_boot_cpu+0x4c/0x60 | smp_prepare_boot_cpu+0x38/0x54 | start_kernel+0x8c/0x478 | __primary_switched+0xc8/0xd4 | Code: 6b09011f 54000061 52801080 d65f03c0 (d4200020) | ---[ end trace 0000000000000000 ]--- | Kernel panic - not syncing: aarch64 BRK: Fatal exception Add the missing sentinel entries. CVE-2025-37929 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37929.html CVE-2025-37929 https://bugzilla.suse.com/1243624 SUSE Bug 1243624 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Nouveau is mostly designed in a way that it's expected that fences only ever get signaled through nouveau_fence_signal(). However, in at least one other place, nouveau_fence_done(), can signal fences, too. If that happens (race) a signaled fence remains in the pending list for a while, until it gets removed by nouveau_fence_update(). Should nouveau_fence_context_kill() run in the meantime, this would be a bug because the function would attempt to set an error code on an already signaled fence. Have nouveau_fence_context_kill() check for a fence being signaled. CVE-2025-37930 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37930.html CVE-2025-37930 https://bugzilla.suse.com/1243625 SUSE Bug 1243625 In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn't dirty we do bit_start++; to move onto the next bit. The problem is the bitmap is based on the number of sectors that an EB has. So in this case, we have a 64k pagesize, 16k nodesize, but a 4k sectorsize. This means our bitmap is 4 bits for every node. With a 64k page size we end up with 4 nodes per page. To make this easier this is how everything looks [0 16k 32k 48k ] logical address [0 4 8 12 ] radix tree offset [ 64k page ] folio [ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers [ | | | | | | | | | | | | | | | | ] bitmap Now we use all of our addressing based on fs_info->sectorsize_bits, so as you can see the above our 16k eb->start turns into radix entry 4. When we find a dirty range for our eb, we correctly do bit_start += sectors_per_node, because if we start at bit 0, the next bit for the next eb is 4, to correspond to eb->start 16k. However if our range is clean, we will do bit_start++, which will now put us offset from our radix tree entries. In our case, assume that the first time we check the bitmap the block is not dirty, we increment bit_start so now it == 1, and then we loop around and check again. This time it is dirty, and we go to find that start using the following equation start = folio_start + bit_start * fs_info->sectorsize; so in the case above, eb->start 0 is now dirty, and we calculate start as 0 + 1 * fs_info->sectorsize = 4096 4096 >> 12 = 1 Now we're looking up the radix tree for 1, and we won't find an eb. What's worse is now we're using bit_start == 1, so we do bit_start += sectors_per_node, which is now 5. If that eb is dirty we will run into the same thing, we will look at an offset that is not populated in the radix tree, and now we're skipping the writeout of dirty extent buffers. The best fix for this is to not use sectorsize_bits to address nodes, but that's a larger change. Since this is a fs corruption problem fix it simply by always using sectors_per_node to increment the start bit. CVE-2025-37931 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37931.html CVE-2025-37931 https://bugzilla.suse.com/1243626 SUSE Bug 1243626 In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life. CVE-2025-37932 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37932.html CVE-2025-37932 https://bugzilla.suse.com/1243627 SUSE Bug 1243627 In the Linux kernel, the following vulnerability has been resolved: objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() If dib8000_set_dds()'s call to dib8000_read32() returns zero, the result is a divide-by-zero. Prevent that from happening. Fixes the following warning with an UBSAN kernel: drivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx() CVE-2025-37937 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37937.html CVE-2025-37937 https://bugzilla.suse.com/1243540 SUSE Bug 1243540 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption. Add a sanity check before processing the SKB to prevent invalid data access in the undecap native Wi-Fi function for the DP_RX_DECAP_TYPE_NATIVE_WIFI decap type. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 CVE-2025-37943 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37943.html CVE-2025-37943 https://bugzilla.suse.com/1243509 SUSE Bug 1243509 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination rings. This leads to invalid entry fetches, causing potential data corruption or crashes due to accessing incorrect memory locations. This happens because the source ring and destination ring have different handling mechanisms and using the wrong function results in incorrect pointer arithmetic and ring management. To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures that the correct function is used for fetching entries from the destination ring, preventing invalid memory accesses. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 CVE-2025-37944 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37944.html CVE-2025-37944 https://bugzilla.suse.com/1243530 SUSE Bug 1243530 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. CVE-2025-37948 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37948.html CVE-2025-37948 https://bugzilla.suse.com/1243649 SUSE Bug 1243649 In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: <TASK> __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2f0 xenbus_thread+0x165/0x1c0 process_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a thin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems like it was xs_wake_up() in this case. It seems like req may have woken up the xs_wait_for_reply(), which kfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed data. Linux Device Drivers 2nd edition states: "Normally, a wake_up call can cause an immediate reschedule to happen, meaning that other processes might run before wake_up returns." ... which would match the behaviour observed. Change to keeping two krefs on each request. One for the caller, and one for xenbus_thread. Each will kref_put() when finished, and the last will free it. This use of kref matches the description in Documentation/core-api/kref.rst CVE-2025-37949 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37949.html CVE-2025-37949 https://bugzilla.suse.com/1243541 SUSE Bug 1243541 In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Add job to pending list if the reset was skipped When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `free_job()`. Consequently, when we skip the reset and keep the job running, the job won't be freed when it finally completes. This situation leads to a memory leak, as exposed in [1] and [2]. Similarly to commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active"), this patch ensures the job is put back on the pending list when extending the timeout. CVE-2025-37951 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37951.html CVE-2025-37951 https://bugzilla.suse.com/1243659 SUSE Bug 1243659 In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree(): |-> fq_codel_dequeue() |-> qdisc_tree_reduce_backlog() |-> htb_qlen_notify() |-> htb_deactivate() |-> htb_next_rb_node() |-> htb_deactivate() For htb_next_rb_node(), after calling the 1st htb_deactivate(), the clprio[prio]->ptr could be already set to NULL, which means htb_next_rb_node() is vulnerable here. For htb_deactivate(), although we checked qlen before calling it, in case of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again which triggers the warning inside. To fix the issues here, we need to: 1) Make htb_deactivate() idempotent, that is, simply return if we already call it before. 2) Make htb_next_rb_node() safe against ptr==NULL. Many thanks to Alan for testing and for the reproducer. CVE-2025-37953 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37953.html CVE-2025-37953 https://bugzilla.suse.com/1243543 SUSE Bug 1243543 In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the result is checked. CVE-2025-37954 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37954.html CVE-2025-37954 https://bugzilla.suse.com/1243664 SUSE Bug 1243664 In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Previously, commit ed129ec9057f ("KVM: x86: forcibly leave nested mode on vCPU reset") addressed an issue where a triple fault occurring in nested mode could lead to use-after-free scenarios. However, the commit did not handle the analogous situation for System Management Mode (SMM). This omission results in triggering a WARN when KVM forces a vCPU INIT after SHUTDOWN interception while the vCPU is in SMM. This situation was reprodused using Syzkaller by: 1) Creating a KVM VM and vCPU 2) Sending a KVM_SMI ioctl to explicitly enter SMM 3) Executing invalid instructions causing consecutive exceptions and eventually a triple fault The issue manifests as follows: WARNING: CPU: 0 PID: 25506 at arch/x86/kvm/x86.c:12112 kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Modules linked in: CPU: 0 PID: 25506 Comm: syz-executor.0 Not tainted 6.1.130-syzkaller-00157-g164fe5dde9b6 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 RIP: 0010:kvm_vcpu_reset+0x1d2/0x1530 arch/x86/kvm/x86.c:12112 Call Trace: <TASK> shutdown_interception+0x66/0xb0 arch/x86/kvm/svm/svm.c:2136 svm_invoke_exit_handler+0x110/0x530 arch/x86/kvm/svm/svm.c:3395 svm_handle_exit+0x424/0x920 arch/x86/kvm/svm/svm.c:3457 vcpu_enter_guest arch/x86/kvm/x86.c:10959 [inline] vcpu_run+0x2c43/0x5a90 arch/x86/kvm/x86.c:11062 kvm_arch_vcpu_ioctl_run+0x50f/0x1cf0 arch/x86/kvm/x86.c:11283 kvm_vcpu_ioctl+0x570/0xf00 arch/x86/kvm/../../../virt/kvm/kvm_main.c:4122 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Architecturally, INIT is blocked when the CPU is in SMM, hence KVM's WARN() in kvm_vcpu_reset() to guard against KVM bugs, e.g. to detect improper emulation of INIT. SHUTDOWN on SVM is a weird edge case where KVM needs to do _something_ sane with the VMCB, since it's technically undefined, and INIT is the least awful choice given KVM's ABI. So, double down on stuffing INIT on SHUTDOWN, and force the vCPU out of SMM to avoid any weirdness (and the WARN). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. [sean: massage changelog, make it clear this isn't architectural behavior] CVE-2025-37957 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37957.html CVE-2025-37957 https://bugzilla.suse.com/1243513 SUSE Bug 1243513 In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. CVE-2025-37958 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37958.html CVE-2025-37958 https://bugzilla.suse.com/1243539 SUSE Bug 1243539 In the Linux kernel, the following vulnerability has been resolved: bpf: Scrub packet on bpf_redirect_peer When bpf_redirect_peer is used to redirect packets to a device in another network namespace, the skb isn't scrubbed. That can lead skb information from one namespace to be "misused" in another namespace. As one example, this is causing Cilium to drop traffic when using bpf_redirect_peer to redirect packets that just went through IPsec decryption to a container namespace. The following pwru trace shows (1) the packet path from the host's XFRM layer to the container's XFRM layer where it's dropped and (2) the number of active skb extensions at each function. NETNS MARK IFACE TUPLE FUNC 4026533547 d00 eth0 10.244.3.124:35473->10.244.2.158:53 xfrm_rcv_cb .active_extensions = (__u8)2, 4026533547 d00 eth0 10.244.3.124:35473->10.244.2.158:53 xfrm4_rcv_cb .active_extensions = (__u8)2, 4026533547 d00 eth0 10.244.3.124:35473->10.244.2.158:53 gro_cells_receive .active_extensions = (__u8)2, [...] 4026533547 0 eth0 10.244.3.124:35473->10.244.2.158:53 skb_do_redirect .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 ip_rcv .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 ip_rcv_core .active_extensions = (__u8)2, [...] 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 udp_queue_rcv_one_skb .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 __xfrm_policy_check .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 __xfrm_decode_session .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 security_xfrm_decode_session .active_extensions = (__u8)2, 4026534999 0 eth0 10.244.3.124:35473->10.244.2.158:53 kfree_skb_reason(SKB_DROP_REASON_XFRM_POLICY) .active_extensions = (__u8)2, In this case, there are no XFRM policies in the container's network namespace so the drop is unexpected. When we decrypt the IPsec packet, the XFRM state used for decryption is set in the skb extensions. This information is preserved across the netns switch. When we reach the XFRM policy check in the container's netns, __xfrm_policy_check drops the packet with LINUX_MIB_XFRMINNOPOLS because a (container-side) XFRM policy can't be found that matches the (host-side) XFRM state used for decryption. This patch fixes this by scrubbing the packet when using bpf_redirect_peer, as is done on typical netns switches via veth devices except skb->mark and skb->tstamp are not zeroed. CVE-2025-37959 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37959.html CVE-2025-37959 https://bugzilla.suse.com/1243517 SUSE Bug 1243517 In the Linux kernel, the following vulnerability has been resolved: memblock: Accept allocated memory before use in memblock_double_array() When increasing the array size in memblock_double_array() and the slab is not yet available, a call to memblock_find_in_range() is used to reserve/allocate memory. However, the range returned may not have been accepted, which can result in a crash when booting an SNP guest: RIP: 0010:memcpy_orig+0x68/0x130 Code: ... RSP: 0000:ffffffff9cc03ce8 EFLAGS: 00010006 RAX: ff11001ff83e5000 RBX: 0000000000000000 RCX: fffffffffffff000 RDX: 0000000000000bc0 RSI: ffffffff9dba8860 RDI: ff11001ff83e5c00 RBP: 0000000000002000 R08: 0000000000000000 R09: 0000000000002000 R10: 000000207fffe000 R11: 0000040000000000 R12: ffffffff9d06ef78 R13: ff11001ff83e5000 R14: ffffffff9dba7c60 R15: 0000000000000c00 memblock_double_array+0xff/0x310 memblock_add_range+0x1fb/0x2f0 memblock_reserve+0x4f/0xa0 memblock_alloc_range_nid+0xac/0x130 memblock_alloc_internal+0x53/0xc0 memblock_alloc_try_nid+0x3d/0xa0 swiotlb_init_remap+0x149/0x2f0 mem_init+0xb/0xb0 mm_core_init+0x8f/0x350 start_kernel+0x17e/0x5d0 x86_64_start_reservations+0x14/0x30 x86_64_start_kernel+0x92/0xa0 secondary_startup_64_no_verify+0x194/0x19b Mitigate this by calling accept_memory() on the memory range returned before the slab is available. Prior to v6.12, the accept_memory() interface used a 'start' and 'end' parameter instead of 'start' and 'size', therefore the accept_memory() call must be adjusted to specify 'start + size' for 'end' when applying to kernels prior to v6.12. CVE-2025-37960 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37960.html CVE-2025-37960 https://bugzilla.suse.com/1243519 SUSE Bug 1243519 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. CVE-2025-37963 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37963.html CVE-2025-37963 https://bugzilla.suse.com/1243660 SUSE Bug 1243660 In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. CVE-2025-37969 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37969.html CVE-2025-37969 https://bugzilla.suse.com/1243574 SUSE Bug 1243574 In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Prevent st_lsm6dsx_read_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty. CVE-2025-37970 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37970.html CVE-2025-37970 https://bugzilla.suse.com/1243575 SUSE Bug 1243575 In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button is parsed in the device tree. However, on hardware where the button is left floating, that node will most likely be removed not to enable that input. In that case the code will try to dereference a null pointer. Let's use the regs struct instead as it is defined for all supported platforms. Note that it is ok setting the key reg even if that latter is disabled as the interrupt won't be enabled anyway. CVE-2025-37972 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37972.html CVE-2025-37972 https://bugzilla.suse.com/1243573 SUSE Bug 1243573 In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in __clp_add() where it was missed when adding the scan_list in the fixed commit. Simply not adding the device to the scan list results in the previous behavior. CVE-2025-37974 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37974.html CVE-2025-37974 https://bugzilla.suse.com/1243547 SUSE Bug 1243547 In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to oopses because set_page_dirty_lock() can't be called from interrupt context. Since a protection information buffer is not backed by a file there is no point in setting its page dirty, there is nothing to synchronize. Drop the call to set_page_dirty_lock() and remove the last argument to bio_integrity_unpin_bvec(). CVE-2025-37978 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37978.html CVE-2025-37978 https://bugzilla.suse.com/1243516 SUSE Bug 1243516 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in case of RX_CODEC_DMA_RX_0 in sc7280_snd_hw_params()). Redefine LPASS_MAX_PORTS to consider the maximum possible port id for q6dsp as sc7280 driver utilizes some of those values. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37979 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37979.html CVE-2025-37979 https://bugzilla.suse.com/1243545 SUSE Bug 1243545 In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak. CVE-2025-37980 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37980.html CVE-2025-37980 https://bugzilla.suse.com/1243522 SUSE Bug 1243522 In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. CVE-2025-37982 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37982.html CVE-2025-37982 https://bugzilla.suse.com/1243524 SUSE Bug 1243524 In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... CVE-2025-37983 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37983.html CVE-2025-37983 https://bugzilla.suse.com/1243567 SUSE Bug 1243567 In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned CVE-2025-37985 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37985.html CVE-2025-37985 https://bugzilla.suse.com/1243529 SUSE Bug 1243529 In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a clean state for future connections. CVE-2025-37986 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37986.html CVE-2025-37986 https://bugzilla.suse.com/1243515 SUSE Bug 1243515 In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unregister functions can be called multiple times for the same PHY device, but devm-allocated memory is not freed until the driver is unbound. This also prevents kmemleak from detecting the leak, as the devm API internally stores the allocated pointer. Fix this by replacing devm_kzalloc/devm_kcalloc with standard kzalloc/kcalloc, and add the corresponding kfree calls in the unregister path. CVE-2025-37989 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37989.html CVE-2025-37989 https://bugzilla.suse.com/1243511 SUSE Bug 1243511 In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized if the function brcmf_usb_dl_cmd() fails. It is dangerous to use uninitialized variables in the conditions. Add error handling for brcmf_usb_dl_cmd() to jump to error handling path if the brcmf_usb_dl_cmd() fails and the 'state.state' and the 'state.bytes' are uninitialized. Improve the error message to report more detailed error information. CVE-2025-37990 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-37990.html CVE-2025-37990 https://bugzilla.suse.com/1243528 SUSE Bug 1243528 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB flushes and register reads. When multiple threads or VFs try to access the same registers simultaneously, it can lead to race conditions. By using the RLCG interface, the driver can serialize access to the registers. This means that only one thread can access the registers at a time, preventing conflicts and ensuring that operations are performed correctly. Additionally, when a low-priority task holds a mutex that a high-priority task needs, ie., If a thread holding a spinlock tries to acquire a mutex, it can lead to priority inversion. register access in amdgpu_virt_rlcg_reg_rw especially in a fast code path is critical. The call stack shows that the function amdgpu_virt_rlcg_reg_rw is being called, which attempts to acquire the mutex. This function is invoked from amdgpu_sriov_wreg, which in turn is called from gmc_v11_0_flush_gpu_tlb. The [ BUG: Invalid wait context ] indicates that a thread is trying to acquire a mutex while it is in a context that does not allow it to sleep (like holding a spinlock). Fixes the below: [ 253.013423] ============================= [ 253.013434] [ BUG: Invalid wait context ] [ 253.013446] 6.12.0-amdstaging-drm-next-lol-050225 #14 Tainted: G U OE [ 253.013464] ----------------------------- [ 253.013475] kworker/0:1/10 is trying to lock: [ 253.013487] ffff9f30542e3cf8 (&adev->virt.rlcg_reg_lock){+.+.}-{3:3}, at: amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.013815] other info that might help us debug this: [ 253.013827] context-{4:4} [ 253.013835] 3 locks held by kworker/0:1/10: [ 253.013847] #0: ffff9f3040050f58 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x3f5/0x680 [ 253.013877] #1: ffffb789c008be40 ((work_completion)(&wfc.work)){+.+.}-{0:0}, at: process_one_work+0x1d6/0x680 [ 253.013905] #2: ffff9f3054281838 (&adev->gmc.invalidate_lock){+.+.}-{2:2}, at: gmc_v11_0_flush_gpu_tlb+0x198/0x4f0 [amdgpu] [ 253.014154] stack backtrace: [ 253.014164] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G U OE 6.12.0-amdstaging-drm-next-lol-050225 #14 [ 253.014189] Tainted: [U]=USER, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 253.014203] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/18/2024 [ 253.014224] Workqueue: events work_for_cpu_fn [ 253.014241] Call Trace: [ 253.014250] <TASK> [ 253.014260] dump_stack_lvl+0x9b/0xf0 [ 253.014275] dump_stack+0x10/0x20 [ 253.014287] __lock_acquire+0xa47/0x2810 [ 253.014303] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.014321] lock_acquire+0xd1/0x300 [ 253.014333] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.014562] ? __lock_acquire+0xa6b/0x2810 [ 253.014578] __mutex_lock+0x85/0xe20 [ 253.014591] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.014782] ? sched_clock_noinstr+0x9/0x10 [ 253.014795] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.014808] ? local_clock_noinstr+0xe/0xc0 [ 253.014822] ? amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.015012] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.015029] mutex_lock_nested+0x1b/0x30 [ 253.015044] ? mutex_lock_nested+0x1b/0x30 [ 253.015057] amdgpu_virt_rlcg_reg_rw+0xf6/0x330 [amdgpu] [ 253.015249] amdgpu_sriov_wreg+0xc5/0xd0 [amdgpu] [ 253.015435] gmc_v11_0_flush_gpu_tlb+0x44b/0x4f0 [amdgpu] [ 253.015667] gfx_v11_0_hw_init+0x499/0x29c0 [amdgpu] [ 253.015901] ? __pfx_smu_v13_0_update_pcie_parameters+0x10/0x10 [amdgpu] [ 253.016159] ? srso_alias_return_thunk+0x5/0xfbef5 [ 253.016173] ? smu_hw_init+0x18d/0x300 [amdgpu] [ 253.016403] amdgpu_device_init+0x29ad/0x36a0 [amdgpu] [ 253.016614] amdgpu_driver_load_kms+0x1a/0xc0 [amdgpu] [ 253.0170 ---truncated--- CVE-2025-38104 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-38104.html CVE-2025-38104 https://bugzilla.suse.com/1241635 SUSE Bug 1241635 In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. After Kernel boots up, stop the rproc, load a new firmware which doesn't have resource table ,and start rproc. When starting rproc with a firmware not have resource table, `memcpy(loaded_table, rproc->cached_table, rproc->table_sz)` will trigger dump, because rproc->cache_table is set to NULL during the last stop operation, but rproc->table_sz is still valid. This issue is found on i.MX8MP and i.MX9. Dump as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000010af63000 [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: CPU: 2 UID: 0 PID: 1060 Comm: sh Not tainted 6.14.0-rc7-next-20250317-dirty #38 Hardware name: NXP i.MX8MPlus EVK board (DT) pstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_memcpy_generic+0x110/0x22c lr : rproc_start+0x88/0x1e0 Call trace: __pi_memcpy_generic+0x110/0x22c (P) rproc_boot+0x198/0x57c state_store+0x40/0x104 dev_attr_store+0x18/0x2c sysfs_kf_write+0x7c/0x94 kernfs_fop_write_iter+0x120/0x1cc vfs_write+0x240/0x378 ksys_write+0x70/0x108 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x10c el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xcc el0t_64_sync_handler+0x10c/0x138 el0t_64_sync+0x198/0x19c Clear rproc->table_sz to address the issue. CVE-2025-38152 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-38152.html CVE-2025-38152 https://bugzilla.suse.com/1241627 SUSE Bug 1241627 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically it can be called via this callpath: - mtk_edp_wait_hpd_asserted - [panel probe] - dp_aux_ep_probe Using "drm" level prints anywhere in this callpath causes a NULL pointer dereference. Change the error message directly in mtk_dp_wait_hpd_asserted() to dev_err() to avoid this. Also change the error messages in mtk_dp_parse_capabilities(), which is called by mtk_dp_wait_hpd_asserted(). While touching these prints, also add the error code to them to make future debugging easier. CVE-2025-38240 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-38240.html CVE-2025-38240 https://bugzilla.suse.com/1241457 SUSE Bug 1241457 In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent and child qdisc queue length counters. When TBF later receives a high-priority packet, SKBPRIO's queue length may show a different value than what's reflected in its internal priority queue tracking, triggering the assertion. The fix removes this overly strict assertions in SKBPRIO, they are not necessary at all. CVE-2025-38637 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-38637.html CVE-2025-38637 https://bugzilla.suse.com/1241657 SUSE Bug 1241657 In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing `ctx->clk_data.hws` before setting `ctx->clk_data.num = nr_clks`. Move that up to fix the crash. UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP <snip> Call trace: samsung_clk_init+0x110/0x124 (P) samsung_clk_init+0x48/0x124 (L) samsung_cmu_register_one+0x3c/0xa0 exynos_arm64_register_cmu+0x54/0x64 __gs101_cmu_top_of_clk_init_declare+0x28/0x60 ... CVE-2025-39728 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-39728.html CVE-2025-39728 https://bugzilla.suse.com/1241626 SUSE Bug 1241626 In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls print_hex_dump(). Here, EALIST_SIZE(ea_buf->xattr) returns 4110417968, which exceeds INT_MAX (2,147,483,647). Then ea_size is clamped: int size = clamp_t(int, ea_size, 0, EALIST_SIZE(ea_buf->xattr)); Although clamp_t aims to bound ea_size between 0 and 4110417968, the upper limit is treated as an int, causing an overflow above 2^31 - 1. This leads "size" to wrap around and become negative (-184549328). The "size" is then passed to print_hex_dump() (called "len" in print_hex_dump()), it is passed as type size_t (an unsigned type), this is then stored inside a variable called "int remaining", which is then assigned to "int linelen" which is then passed to hex_dump_to_buffer(). In print_hex_dump() the for loop, iterates through 0 to len-1, where len is 18446744073525002176, calling hex_dump_to_buffer() on each iteration: for (i = 0; i < len; i += rowsize) { linelen = min(remaining, rowsize); remaining -= rowsize; hex_dump_to_buffer(ptr + i, linelen, rowsize, groupsize, linebuf, sizeof(linebuf), ascii); ... } The expected stopping condition (i < len) is effectively broken since len is corrupted and very large. This eventually leads to the "ptr+i" being passed to hex_dump_to_buffer() to get closer to the end of the actual bounds of "ptr", eventually an out of bounds access is done in hex_dump_to_buffer() in the following for loop: for (j = 0; j < len; j++) { if (linebuflen < lx + 2) goto overflow2; ch = ptr[j]; ... } To fix this we should validate "EALIST_SIZE(ea_buf->xattr)" before it is utilised. CVE-2025-39735 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-39735.html CVE-2025-39735 https://bugzilla.suse.com/1241625 SUSE Bug 1241625 https://bugzilla.suse.com/1241699 SUSE Bug 1241699 In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() CVE-2025-40014 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-40014.html CVE-2025-40014 https://bugzilla.suse.com/1241644 SUSE Bug 1241644 In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQ_NOWAIT raid10_handle_discard should wait barrier before returning a discard bio which has REQ_NOWAIT. And there is no need to print warning calltrace if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks dmesg and reports error if dmesg has warning/error calltrace. CVE-2025-40325 SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_39-rt-1-150600.1.3.2 SUSE Real Time Module 15 SP6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:dlm-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:gfs2-kmp-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-devel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-source-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:kernel-syms-rt-6.4.0-150600.10.39.1 SUSE Real Time Module 15 SP6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:cluster-md-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:dlm-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:gfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-devel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-extra-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-livepatch-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-optional-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-devel-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-rt_debug-vdso-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-source-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kernel-syms-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:kselftests-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:ocfs2-kmp-rt-6.4.0-150600.10.39.1 openSUSE Leap 15.6:reiserfs-kmp-rt-6.4.0-150600.10.39.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1/ https://www.suse.com/security/cve/CVE-2025-40325.html CVE-2025-40325 https://bugzilla.suse.com/1241638 SUSE Bug 1241638