Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01983-1 Final 1 1 2025-06-17T15:32:57Z current 2025-06-17T15:32:57Z 2025-06-17T15:32:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47670: can: peak_usb: fix use after free bugs (bsc#1241407). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49145: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (bsc#1238162). - CVE-2022-49168: btrfs: do not clean up repair bio if submit fails (bsc#1238109). - CVE-2022-49190: kernel/resource: fix kfree() of bootmem memory again (bsc#1238130). - CVE-2022-49212: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (bsc#1238331). - CVE-2022-49216: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (bsc#1238338). - CVE-2022-49235: ath9k_htc: fix uninit value bugs (bsc#1238333). - CVE-2022-49248: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (bsc#1238284). - CVE-2022-49253: media: usb: go7007: s2250-board: fix leak in probe() (bsc#1238420). - CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394). - CVE-2022-49326: rtl818x: Prevent using not initialized queues (bsc#1238646). - CVE-2022-49371: driver core: fix deadlock in __device_attach (bsc#1238546). - CVE-2022-49382: soc: rockchip: Fix refcount leak in rockchip_grf_init (bsc#1238306). - CVE-2022-49396: phy: qcom-qmp: fix reset-controller leak on probe errors (bsc#1238289). - CVE-2022-49420: net: annotate races around sk->sk_bound_dev_if (bsc#1238887). - CVE-2022-49441: tty: fix deadlock caused by calling printk() under tty_port->lock (bsc#1238263). - CVE-2022-49445: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (bsc#1238019). - CVE-2022-49460: PM / devfreq: rk3399_dmc: Disable edev on remove() (bsc#1238892). - CVE-2022-49467: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (bsc#1238815). - CVE-2022-49474: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (bsc#1238071). - CVE-2022-49491: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (bsc#1238539). - CVE-2022-49503: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (bsc#1238868). - CVE-2022-49592: net: stmmac: fix dma queue left shift overflow issue (bsc#1238311). - CVE-2022-49625: sfc: fix kernel panic when creating VF (bsc#1238411). - CVE-2022-49635: drm/i915/selftests: fix subtraction overflow bug (bsc#1238806). - CVE-2022-49652: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1238871). - CVE-2022-49715: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (bsc#1238818). - CVE-2022-49728: kABI workaround for changeing the variable length type to size_t (bsc#1239111). - CVE-2022-49729: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (bsc#1239060). - CVE-2022-49751: w1: fix WARNING after calling w1_process() (bsc#1240254). - CVE-2022-49761: btrfs: always report error in run_one_delayed_ref() (bsc#1240261). - CVE-2022-49772: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (bsc#1242147). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2022-49776: macvlan: enforce a consistent minimal mtu (bsc#1242248). - CVE-2022-49787: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (bsc#1242352). - CVE-2022-49788: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (bsc#1242353). - CVE-2022-49813: net: ena: Fix error handling in ena_init() (bsc#1242497). - CVE-2022-49821: mISDN: fix possible memory leak in mISDN_dsp_element_register() (bsc#1242542). - CVE-2022-49826: ata: libata-transport: fix double ata_host_put() in ata_tport_add() (bsc#1242549). - CVE-2022-49829: drm/scheduler: fix fence ref counting (bsc#1242691). - CVE-2022-49832: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (bsc#1242154). - CVE-2022-49835: ALSA: hda: fix potential memleak in 'add_widget_node' (bsc#1242385). - CVE-2022-49840: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() (bsc#1242447). - CVE-2022-49842: ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (bsc#1242484). - CVE-2022-49853: net: macvlan: fix memory leaks of macvlan_common_newlink (bsc#1242688). - CVE-2022-49861: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (bsc#1242580). - CVE-2022-49862: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (bsc#1242755). - CVE-2022-49865: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (bsc#1242570). - CVE-2022-49871: net: tun: call napi_schedule_prep() to ensure we own a napi (bsc#1242558). - CVE-2022-49872: net: gso: fix panic on frag_list with mixed head alloc types (bsc#1242594). - CVE-2022-49874: HID: hyperv: fix possible memory leak in mousevsc_probe() (bsc#1242478). - CVE-2022-49898: btrfs: fix tree mod log mishandling of reallocated nodes (bsc#1242472). - CVE-2022-49907: net: mdio: fix undefined behavior in bit shift for __mdiobus_register (bsc#1242450). - CVE-2022-49913: btrfs: fix inode list leak during backref walking at find_parent_nodes() (bsc#1242470). - CVE-2022-49914: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() (bsc#1242427). - CVE-2022-49922: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (bsc#1242378). - CVE-2022-49923: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (bsc#1242394). - CVE-2022-49924: nfc: fdp: Fix potential memory leak in fdp_nci_send() (bsc#1242426). - CVE-2022-49925: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (bsc#1242371). - CVE-2022-49931: IB/hfi1: Correctly move list in sc_disable() (bsc#1242382). - CVE-2023-52868: thermal: core: prevent potential string overflow (bsc#1225044). - CVE-2023-52975: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (bsc#1240322). - CVE-2023-52988: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (bsc#1240293). - CVE-2023-52989: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (bsc#1240266). - CVE-2023-52993: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (bsc#1240297). - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745). - CVE-2023-53045: usb: gadget: u_audio: do not let userspace block driver unbind (bsc#1242756). - CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227). - CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765). - CVE-2023-53080: xsk: Add missing overflow check in xdp_umem_reg (bsc#1242287). - CVE-2023-53094: tty: serial: fsl_lpuart: fix race on RX DMA shutdown (bsc#1242288). - CVE-2023-53103: bonding: Fix memory leak when changing bond type to Ethernet (bsc#1242408). - CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398). - CVE-2023-53139: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (bsc#1242361). - CVE-2024-26740: Fixed use the backlog for mirred ingress (bsc#1222563). - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-50106: nfsd: fix race between laundromat and free_stateid() (bsc#1232882). - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887). - CVE-2024-56779: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (bsc#1235632). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21704: usb: cdc-acm: Check control transfer buffer size before access (bsc#1237571). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22027: media: streamzap: fix race between device disconnection and urb callback (bsc#1241369). - CVE-2025-22050: usbnet:fix NPE during rx_complete (bsc#1241441). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-23136: thermal: int340x: Add NULL check for adev (bsc#1241357). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23161: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (bsc#1242792). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37782: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (bsc#1242770). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37794: wifi: mac80211: Purge vif txq in ieee80211_do_stop() (bsc#1242566). - CVE-2025-37796: wifi: at76c50x: fix use after free access in at76_disconnect (bsc#1242727). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37852: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (bsc#1243074). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37989: net: phy: leds: fix memory leak (bsc#1243511). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). The following non-security bugs were fixed: - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745). - NFC: nxp-nci: remove unnecessary labels (bsc#1242394). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778). - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778). - arm64: insn: Add N immediate encoding (bsc#1242778). - arm64: insn: Add encoder for bitwise operations using literals (bsc#1242778). - arm64: insn: Add support for encoding DSB (bsc#1242778). - arm64: insn: Fix two bugs in encoding 32-bit logical immediates (bsc#1242778). - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778). - arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778). - arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778). - devm-helpers: Add resource managed version of work init (bsc#1242745) - irqchip: gic-v3: Use of_cpu_node_to_id helper (bsc#1238818) - kernel: Remove debug flavor (bsc#1243919). - mtd: phram: Add the kernel lock down check (bsc#1232649). - net/sched: initialize noop_qdisc owner (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - netfilter: Adjusted the backported patch as it caused a regression (bsc#1218752). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (bsc#1242154) - workqueue: Add resource managed version of delayed work init (bsc#1242745) - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/smpboot: Remove unused phys_id variable (git-commit). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1983,SUSE-SLE-Live-Patching-12-SP5-2025-1983,SUSE-SLE-SERVER-12-SP5-LTSS-2025-1983,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-1983 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ Link for SUSE-SU-2025:01983-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040323.html E-Mail link for SUSE-SU-2025:01983-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1184350 SUSE Bug 1184350 https://bugzilla.suse.com/1190317 SUSE Bug 1190317 https://bugzilla.suse.com/1190601 SUSE Bug 1190601 https://bugzilla.suse.com/1194227 SUSE Bug 1194227 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206649 SUSE Bug 1206649 https://bugzilla.suse.com/1206677 SUSE Bug 1206677 https://bugzilla.suse.com/1206887 SUSE Bug 1206887 https://bugzilla.suse.com/1209292 SUSE Bug 1209292 https://bugzilla.suse.com/1209556 SUSE Bug 1209556 https://bugzilla.suse.com/1209684 SUSE Bug 1209684 https://bugzilla.suse.com/1210336 SUSE Bug 1210336 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1211466 SUSE Bug 1211466 https://bugzilla.suse.com/1213012 SUSE Bug 1213012 https://bugzilla.suse.com/1213013 SUSE Bug 1213013 https://bugzilla.suse.com/1218752 SUSE Bug 1218752 https://bugzilla.suse.com/1222004 SUSE Bug 1222004 https://bugzilla.suse.com/1222563 SUSE Bug 1222563 https://bugzilla.suse.com/1222629 SUSE Bug 1222629 https://bugzilla.suse.com/1223720 SUSE Bug 1223720 https://bugzilla.suse.com/1225044 SUSE Bug 1225044 https://bugzilla.suse.com/1229516 SUSE Bug 1229516 https://bugzilla.suse.com/1230434 SUSE Bug 1230434 https://bugzilla.suse.com/1230786 SUSE Bug 1230786 https://bugzilla.suse.com/1230794 SUSE Bug 1230794 https://bugzilla.suse.com/1232504 SUSE Bug 1232504 https://bugzilla.suse.com/1232649 SUSE Bug 1232649 https://bugzilla.suse.com/1232882 SUSE Bug 1232882 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1235485 SUSE Bug 1235485 https://bugzilla.suse.com/1235632 SUSE Bug 1235632 https://bugzilla.suse.com/1236142 SUSE Bug 1236142 https://bugzilla.suse.com/1237312 SUSE Bug 1237312 https://bugzilla.suse.com/1237571 SUSE Bug 1237571 https://bugzilla.suse.com/1238019 SUSE Bug 1238019 https://bugzilla.suse.com/1238032 SUSE Bug 1238032 https://bugzilla.suse.com/1238071 SUSE Bug 1238071 https://bugzilla.suse.com/1238109 SUSE Bug 1238109 https://bugzilla.suse.com/1238130 SUSE Bug 1238130 https://bugzilla.suse.com/1238162 SUSE Bug 1238162 https://bugzilla.suse.com/1238263 SUSE Bug 1238263 https://bugzilla.suse.com/1238284 SUSE Bug 1238284 https://bugzilla.suse.com/1238289 SUSE Bug 1238289 https://bugzilla.suse.com/1238306 SUSE Bug 1238306 https://bugzilla.suse.com/1238311 SUSE Bug 1238311 https://bugzilla.suse.com/1238331 SUSE Bug 1238331 https://bugzilla.suse.com/1238333 SUSE Bug 1238333 https://bugzilla.suse.com/1238338 SUSE Bug 1238338 https://bugzilla.suse.com/1238394 SUSE Bug 1238394 https://bugzilla.suse.com/1238411 SUSE Bug 1238411 https://bugzilla.suse.com/1238420 SUSE Bug 1238420 https://bugzilla.suse.com/1238473 SUSE Bug 1238473 https://bugzilla.suse.com/1238539 SUSE Bug 1238539 https://bugzilla.suse.com/1238546 SUSE Bug 1238546 https://bugzilla.suse.com/1238646 SUSE Bug 1238646 https://bugzilla.suse.com/1238774 SUSE Bug 1238774 https://bugzilla.suse.com/1238806 SUSE Bug 1238806 https://bugzilla.suse.com/1238815 SUSE Bug 1238815 https://bugzilla.suse.com/1238818 SUSE Bug 1238818 https://bugzilla.suse.com/1238868 SUSE Bug 1238868 https://bugzilla.suse.com/1238871 SUSE Bug 1238871 https://bugzilla.suse.com/1238887 SUSE Bug 1238887 https://bugzilla.suse.com/1238892 SUSE Bug 1238892 https://bugzilla.suse.com/1239060 SUSE Bug 1239060 https://bugzilla.suse.com/1239111 SUSE Bug 1239111 https://bugzilla.suse.com/1240254 SUSE Bug 1240254 https://bugzilla.suse.com/1240261 SUSE Bug 1240261 https://bugzilla.suse.com/1240266 SUSE Bug 1240266 https://bugzilla.suse.com/1240293 SUSE Bug 1240293 https://bugzilla.suse.com/1240297 SUSE Bug 1240297 https://bugzilla.suse.com/1240322 SUSE Bug 1240322 https://bugzilla.suse.com/1240784 SUSE Bug 1240784 https://bugzilla.suse.com/1241282 SUSE Bug 1241282 https://bugzilla.suse.com/1241332 SUSE Bug 1241332 https://bugzilla.suse.com/1241351 SUSE Bug 1241351 https://bugzilla.suse.com/1241357 SUSE Bug 1241357 https://bugzilla.suse.com/1241361 SUSE Bug 1241361 https://bugzilla.suse.com/1241369 SUSE Bug 1241369 https://bugzilla.suse.com/1241407 SUSE Bug 1241407 https://bugzilla.suse.com/1241441 SUSE Bug 1241441 https://bugzilla.suse.com/1241526 SUSE Bug 1241526 https://bugzilla.suse.com/1241550 SUSE Bug 1241550 https://bugzilla.suse.com/1241657 SUSE Bug 1241657 https://bugzilla.suse.com/1242147 SUSE Bug 1242147 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 https://bugzilla.suse.com/1242165 SUSE Bug 1242165 https://bugzilla.suse.com/1242215 SUSE Bug 1242215 https://bugzilla.suse.com/1242218 SUSE Bug 1242218 https://bugzilla.suse.com/1242219 SUSE Bug 1242219 https://bugzilla.suse.com/1242225 SUSE Bug 1242225 https://bugzilla.suse.com/1242227 SUSE Bug 1242227 https://bugzilla.suse.com/1242228 SUSE Bug 1242228 https://bugzilla.suse.com/1242231 SUSE Bug 1242231 https://bugzilla.suse.com/1242239 SUSE Bug 1242239 https://bugzilla.suse.com/1242241 SUSE Bug 1242241 https://bugzilla.suse.com/1242245 SUSE Bug 1242245 https://bugzilla.suse.com/1242248 SUSE Bug 1242248 https://bugzilla.suse.com/1242284 SUSE Bug 1242284 https://bugzilla.suse.com/1242285 SUSE Bug 1242285 https://bugzilla.suse.com/1242287 SUSE Bug 1242287 https://bugzilla.suse.com/1242288 SUSE Bug 1242288 https://bugzilla.suse.com/1242352 SUSE Bug 1242352 https://bugzilla.suse.com/1242353 SUSE Bug 1242353 https://bugzilla.suse.com/1242361 SUSE Bug 1242361 https://bugzilla.suse.com/1242362 SUSE Bug 1242362 https://bugzilla.suse.com/1242366 SUSE Bug 1242366 https://bugzilla.suse.com/1242370 SUSE Bug 1242370 https://bugzilla.suse.com/1242371 SUSE Bug 1242371 https://bugzilla.suse.com/1242372 SUSE Bug 1242372 https://bugzilla.suse.com/1242377 SUSE Bug 1242377 https://bugzilla.suse.com/1242378 SUSE Bug 1242378 https://bugzilla.suse.com/1242382 SUSE Bug 1242382 https://bugzilla.suse.com/1242385 SUSE Bug 1242385 https://bugzilla.suse.com/1242394 SUSE Bug 1242394 https://bugzilla.suse.com/1242398 SUSE Bug 1242398 https://bugzilla.suse.com/1242405 SUSE Bug 1242405 https://bugzilla.suse.com/1242408 SUSE Bug 1242408 https://bugzilla.suse.com/1242409 SUSE Bug 1242409 https://bugzilla.suse.com/1242414 SUSE Bug 1242414 https://bugzilla.suse.com/1242416 SUSE Bug 1242416 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 https://bugzilla.suse.com/1242422 SUSE Bug 1242422 https://bugzilla.suse.com/1242426 SUSE Bug 1242426 https://bugzilla.suse.com/1242427 SUSE Bug 1242427 https://bugzilla.suse.com/1242440 SUSE Bug 1242440 https://bugzilla.suse.com/1242447 SUSE Bug 1242447 https://bugzilla.suse.com/1242449 SUSE Bug 1242449 https://bugzilla.suse.com/1242450 SUSE Bug 1242450 https://bugzilla.suse.com/1242452 SUSE Bug 1242452 https://bugzilla.suse.com/1242453 SUSE Bug 1242453 https://bugzilla.suse.com/1242455 SUSE Bug 1242455 https://bugzilla.suse.com/1242464 SUSE Bug 1242464 https://bugzilla.suse.com/1242470 SUSE Bug 1242470 https://bugzilla.suse.com/1242472 SUSE Bug 1242472 https://bugzilla.suse.com/1242478 SUSE Bug 1242478 https://bugzilla.suse.com/1242483 SUSE Bug 1242483 https://bugzilla.suse.com/1242484 SUSE Bug 1242484 https://bugzilla.suse.com/1242497 SUSE Bug 1242497 https://bugzilla.suse.com/1242504 SUSE Bug 1242504 https://bugzilla.suse.com/1242513 SUSE Bug 1242513 https://bugzilla.suse.com/1242527 SUSE Bug 1242527 https://bugzilla.suse.com/1242542 SUSE Bug 1242542 https://bugzilla.suse.com/1242544 SUSE Bug 1242544 https://bugzilla.suse.com/1242549 SUSE Bug 1242549 https://bugzilla.suse.com/1242558 SUSE Bug 1242558 https://bugzilla.suse.com/1242566 SUSE Bug 1242566 https://bugzilla.suse.com/1242570 SUSE Bug 1242570 https://bugzilla.suse.com/1242580 SUSE Bug 1242580 https://bugzilla.suse.com/1242594 SUSE Bug 1242594 https://bugzilla.suse.com/1242686 SUSE Bug 1242686 https://bugzilla.suse.com/1242688 SUSE Bug 1242688 https://bugzilla.suse.com/1242691 SUSE Bug 1242691 https://bugzilla.suse.com/1242716 SUSE Bug 1242716 https://bugzilla.suse.com/1242727 SUSE Bug 1242727 https://bugzilla.suse.com/1242734 SUSE Bug 1242734 https://bugzilla.suse.com/1242745 SUSE Bug 1242745 https://bugzilla.suse.com/1242747 SUSE Bug 1242747 https://bugzilla.suse.com/1242755 SUSE Bug 1242755 https://bugzilla.suse.com/1242756 SUSE Bug 1242756 https://bugzilla.suse.com/1242759 SUSE Bug 1242759 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 https://bugzilla.suse.com/1242765 SUSE Bug 1242765 https://bugzilla.suse.com/1242770 SUSE Bug 1242770 https://bugzilla.suse.com/1242778 SUSE Bug 1242778 https://bugzilla.suse.com/1242786 SUSE Bug 1242786 https://bugzilla.suse.com/1242790 SUSE Bug 1242790 https://bugzilla.suse.com/1242791 SUSE Bug 1242791 https://bugzilla.suse.com/1242792 SUSE Bug 1242792 https://bugzilla.suse.com/1242835 SUSE Bug 1242835 https://bugzilla.suse.com/1242859 SUSE Bug 1242859 https://bugzilla.suse.com/1242868 SUSE Bug 1242868 https://bugzilla.suse.com/1242924 SUSE Bug 1242924 https://bugzilla.suse.com/1242949 SUSE Bug 1242949 https://bugzilla.suse.com/1243047 SUSE Bug 1243047 https://bugzilla.suse.com/1243074 SUSE Bug 1243074 https://bugzilla.suse.com/1243077 SUSE Bug 1243077 https://bugzilla.suse.com/1243511 SUSE Bug 1243511 https://bugzilla.suse.com/1243541 SUSE Bug 1243541 https://bugzilla.suse.com/1243543 SUSE Bug 1243543 https://bugzilla.suse.com/1243627 SUSE Bug 1243627 https://bugzilla.suse.com/1243649 SUSE Bug 1243649 https://bugzilla.suse.com/1243660 SUSE Bug 1243660 https://bugzilla.suse.com/1243919 SUSE Bug 1243919 https://www.suse.com/security/cve/CVE-2020-36791/ SUSE CVE CVE-2020-36791 page https://www.suse.com/security/cve/CVE-2021-20320/ SUSE CVE CVE-2021-20320 page https://www.suse.com/security/cve/CVE-2021-4159/ SUSE CVE CVE-2021-4159 page https://www.suse.com/security/cve/CVE-2021-47170/ SUSE CVE CVE-2021-47170 page https://www.suse.com/security/cve/CVE-2021-47670/ SUSE CVE CVE-2021-47670 page https://www.suse.com/security/cve/CVE-2022-3564/ SUSE CVE CVE-2022-3564 page https://www.suse.com/security/cve/CVE-2022-48875/ SUSE CVE CVE-2022-48875 page https://www.suse.com/security/cve/CVE-2022-49139/ SUSE CVE CVE-2022-49139 page https://www.suse.com/security/cve/CVE-2022-49145/ SUSE CVE CVE-2022-49145 page https://www.suse.com/security/cve/CVE-2022-49168/ SUSE CVE CVE-2022-49168 page https://www.suse.com/security/cve/CVE-2022-49190/ SUSE CVE CVE-2022-49190 page https://www.suse.com/security/cve/CVE-2022-49212/ SUSE CVE CVE-2022-49212 page https://www.suse.com/security/cve/CVE-2022-49216/ SUSE CVE CVE-2022-49216 page https://www.suse.com/security/cve/CVE-2022-49235/ SUSE CVE CVE-2022-49235 page https://www.suse.com/security/cve/CVE-2022-49248/ SUSE CVE CVE-2022-49248 page https://www.suse.com/security/cve/CVE-2022-49253/ SUSE CVE CVE-2022-49253 page https://www.suse.com/security/cve/CVE-2022-49320/ SUSE CVE CVE-2022-49320 page https://www.suse.com/security/cve/CVE-2022-49326/ SUSE CVE CVE-2022-49326 page https://www.suse.com/security/cve/CVE-2022-49371/ SUSE CVE CVE-2022-49371 page https://www.suse.com/security/cve/CVE-2022-49382/ SUSE CVE CVE-2022-49382 page https://www.suse.com/security/cve/CVE-2022-49396/ SUSE CVE CVE-2022-49396 page https://www.suse.com/security/cve/CVE-2022-49420/ SUSE CVE CVE-2022-49420 page https://www.suse.com/security/cve/CVE-2022-49441/ SUSE CVE CVE-2022-49441 page https://www.suse.com/security/cve/CVE-2022-49445/ SUSE CVE CVE-2022-49445 page https://www.suse.com/security/cve/CVE-2022-49460/ SUSE CVE CVE-2022-49460 page https://www.suse.com/security/cve/CVE-2022-49467/ SUSE CVE CVE-2022-49467 page https://www.suse.com/security/cve/CVE-2022-49474/ SUSE CVE CVE-2022-49474 page https://www.suse.com/security/cve/CVE-2022-49491/ SUSE CVE CVE-2022-49491 page https://www.suse.com/security/cve/CVE-2022-49503/ SUSE CVE CVE-2022-49503 page https://www.suse.com/security/cve/CVE-2022-49592/ SUSE CVE CVE-2022-49592 page https://www.suse.com/security/cve/CVE-2022-49625/ SUSE CVE CVE-2022-49625 page https://www.suse.com/security/cve/CVE-2022-49635/ SUSE CVE CVE-2022-49635 page https://www.suse.com/security/cve/CVE-2022-49652/ SUSE CVE CVE-2022-49652 page https://www.suse.com/security/cve/CVE-2022-49715/ SUSE CVE CVE-2022-49715 page https://www.suse.com/security/cve/CVE-2022-49728/ SUSE CVE CVE-2022-49728 page https://www.suse.com/security/cve/CVE-2022-49729/ SUSE CVE CVE-2022-49729 page https://www.suse.com/security/cve/CVE-2022-49751/ SUSE CVE CVE-2022-49751 page https://www.suse.com/security/cve/CVE-2022-49761/ SUSE CVE CVE-2022-49761 page https://www.suse.com/security/cve/CVE-2022-49769/ SUSE CVE CVE-2022-49769 page https://www.suse.com/security/cve/CVE-2022-49771/ SUSE CVE CVE-2022-49771 page https://www.suse.com/security/cve/CVE-2022-49772/ SUSE CVE CVE-2022-49772 page https://www.suse.com/security/cve/CVE-2022-49775/ SUSE CVE CVE-2022-49775 page https://www.suse.com/security/cve/CVE-2022-49776/ SUSE CVE CVE-2022-49776 page https://www.suse.com/security/cve/CVE-2022-49787/ SUSE CVE CVE-2022-49787 page https://www.suse.com/security/cve/CVE-2022-49788/ SUSE CVE CVE-2022-49788 page https://www.suse.com/security/cve/CVE-2022-49789/ SUSE CVE CVE-2022-49789 page https://www.suse.com/security/cve/CVE-2022-49813/ SUSE CVE CVE-2022-49813 page https://www.suse.com/security/cve/CVE-2022-49818/ SUSE CVE CVE-2022-49818 page https://www.suse.com/security/cve/CVE-2022-49821/ SUSE CVE CVE-2022-49821 page https://www.suse.com/security/cve/CVE-2022-49822/ SUSE CVE CVE-2022-49822 page https://www.suse.com/security/cve/CVE-2022-49826/ SUSE CVE CVE-2022-49826 page https://www.suse.com/security/cve/CVE-2022-49829/ SUSE CVE CVE-2022-49829 page https://www.suse.com/security/cve/CVE-2022-49832/ SUSE CVE CVE-2022-49832 page https://www.suse.com/security/cve/CVE-2022-49835/ SUSE CVE CVE-2022-49835 page https://www.suse.com/security/cve/CVE-2022-49840/ SUSE CVE CVE-2022-49840 page https://www.suse.com/security/cve/CVE-2022-49842/ SUSE CVE CVE-2022-49842 page https://www.suse.com/security/cve/CVE-2022-49846/ SUSE CVE CVE-2022-49846 page https://www.suse.com/security/cve/CVE-2022-49853/ SUSE CVE CVE-2022-49853 page https://www.suse.com/security/cve/CVE-2022-49861/ SUSE CVE CVE-2022-49861 page https://www.suse.com/security/cve/CVE-2022-49862/ SUSE CVE CVE-2022-49862 page https://www.suse.com/security/cve/CVE-2022-49865/ SUSE CVE CVE-2022-49865 page https://www.suse.com/security/cve/CVE-2022-49871/ SUSE CVE CVE-2022-49871 page https://www.suse.com/security/cve/CVE-2022-49872/ SUSE CVE CVE-2022-49872 page https://www.suse.com/security/cve/CVE-2022-49874/ SUSE CVE CVE-2022-49874 page https://www.suse.com/security/cve/CVE-2022-49877/ SUSE CVE CVE-2022-49877 page https://www.suse.com/security/cve/CVE-2022-49880/ SUSE CVE CVE-2022-49880 page https://www.suse.com/security/cve/CVE-2022-49889/ SUSE CVE CVE-2022-49889 page https://www.suse.com/security/cve/CVE-2022-49892/ SUSE CVE CVE-2022-49892 page https://www.suse.com/security/cve/CVE-2022-49898/ SUSE CVE CVE-2022-49898 page https://www.suse.com/security/cve/CVE-2022-49906/ SUSE CVE CVE-2022-49906 page https://www.suse.com/security/cve/CVE-2022-49907/ SUSE CVE CVE-2022-49907 page https://www.suse.com/security/cve/CVE-2022-49909/ SUSE CVE CVE-2022-49909 page https://www.suse.com/security/cve/CVE-2022-49910/ SUSE CVE CVE-2022-49910 page https://www.suse.com/security/cve/CVE-2022-49913/ SUSE CVE CVE-2022-49913 page https://www.suse.com/security/cve/CVE-2022-49914/ SUSE CVE CVE-2022-49914 page https://www.suse.com/security/cve/CVE-2022-49915/ SUSE CVE CVE-2022-49915 page https://www.suse.com/security/cve/CVE-2022-49922/ SUSE CVE CVE-2022-49922 page https://www.suse.com/security/cve/CVE-2022-49923/ SUSE CVE CVE-2022-49923 page https://www.suse.com/security/cve/CVE-2022-49924/ SUSE CVE CVE-2022-49924 page https://www.suse.com/security/cve/CVE-2022-49925/ SUSE CVE CVE-2022-49925 page https://www.suse.com/security/cve/CVE-2022-49927/ SUSE CVE CVE-2022-49927 page https://www.suse.com/security/cve/CVE-2022-49931/ SUSE CVE CVE-2022-49931 page https://www.suse.com/security/cve/CVE-2023-1074/ SUSE CVE CVE-2023-1074 page https://www.suse.com/security/cve/CVE-2023-1989/ SUSE CVE CVE-2023-1989 page https://www.suse.com/security/cve/CVE-2023-1990/ SUSE CVE CVE-2023-1990 page https://www.suse.com/security/cve/CVE-2023-52868/ SUSE CVE CVE-2023-52868 page https://www.suse.com/security/cve/CVE-2023-52975/ SUSE CVE CVE-2023-52975 page https://www.suse.com/security/cve/CVE-2023-52988/ SUSE CVE CVE-2023-52988 page https://www.suse.com/security/cve/CVE-2023-52989/ SUSE CVE CVE-2023-52989 page https://www.suse.com/security/cve/CVE-2023-52993/ SUSE CVE CVE-2023-52993 page https://www.suse.com/security/cve/CVE-2023-53039/ SUSE CVE CVE-2023-53039 page https://www.suse.com/security/cve/CVE-2023-53041/ SUSE CVE CVE-2023-53041 page https://www.suse.com/security/cve/CVE-2023-53044/ SUSE CVE CVE-2023-53044 page https://www.suse.com/security/cve/CVE-2023-53045/ SUSE CVE CVE-2023-53045 page https://www.suse.com/security/cve/CVE-2023-53051/ SUSE CVE CVE-2023-53051 page https://www.suse.com/security/cve/CVE-2023-53056/ SUSE CVE CVE-2023-53056 page https://www.suse.com/security/cve/CVE-2023-53060/ SUSE CVE CVE-2023-53060 page https://www.suse.com/security/cve/CVE-2023-53062/ SUSE CVE CVE-2023-53062 page https://www.suse.com/security/cve/CVE-2023-53066/ SUSE CVE CVE-2023-53066 page https://www.suse.com/security/cve/CVE-2023-53068/ SUSE CVE CVE-2023-53068 page https://www.suse.com/security/cve/CVE-2023-53075/ SUSE CVE CVE-2023-53075 page https://www.suse.com/security/cve/CVE-2023-53078/ SUSE CVE CVE-2023-53078 page https://www.suse.com/security/cve/CVE-2023-53079/ SUSE CVE CVE-2023-53079 page https://www.suse.com/security/cve/CVE-2023-53080/ SUSE CVE CVE-2023-53080 page https://www.suse.com/security/cve/CVE-2023-53094/ SUSE CVE CVE-2023-53094 page https://www.suse.com/security/cve/CVE-2023-53100/ SUSE CVE CVE-2023-53100 page https://www.suse.com/security/cve/CVE-2023-53101/ SUSE CVE CVE-2023-53101 page https://www.suse.com/security/cve/CVE-2023-53103/ SUSE CVE CVE-2023-53103 page https://www.suse.com/security/cve/CVE-2023-53106/ SUSE CVE CVE-2023-53106 page https://www.suse.com/security/cve/CVE-2023-53108/ SUSE CVE CVE-2023-53108 page https://www.suse.com/security/cve/CVE-2023-53109/ SUSE CVE CVE-2023-53109 page https://www.suse.com/security/cve/CVE-2023-53114/ SUSE CVE CVE-2023-53114 page https://www.suse.com/security/cve/CVE-2023-53119/ SUSE CVE CVE-2023-53119 page https://www.suse.com/security/cve/CVE-2023-53121/ SUSE CVE CVE-2023-53121 page https://www.suse.com/security/cve/CVE-2023-53124/ SUSE CVE CVE-2023-53124 page https://www.suse.com/security/cve/CVE-2023-53125/ SUSE CVE CVE-2023-53125 page https://www.suse.com/security/cve/CVE-2023-53131/ SUSE CVE CVE-2023-53131 page https://www.suse.com/security/cve/CVE-2023-53139/ SUSE CVE CVE-2023-53139 page https://www.suse.com/security/cve/CVE-2023-53140/ SUSE CVE CVE-2023-53140 page https://www.suse.com/security/cve/CVE-2023-53141/ SUSE CVE CVE-2023-53141 page https://www.suse.com/security/cve/CVE-2023-53145/ SUSE CVE CVE-2023-53145 page https://www.suse.com/security/cve/CVE-2024-26740/ SUSE CVE CVE-2024-26740 page https://www.suse.com/security/cve/CVE-2024-26804/ SUSE CVE CVE-2024-26804 page https://www.suse.com/security/cve/CVE-2024-27010/ SUSE CVE CVE-2024-27010 page https://www.suse.com/security/cve/CVE-2024-45021/ SUSE CVE CVE-2024-45021 page https://www.suse.com/security/cve/CVE-2024-46751/ SUSE CVE CVE-2024-46751 page https://www.suse.com/security/cve/CVE-2024-46752/ SUSE CVE CVE-2024-46752 page https://www.suse.com/security/cve/CVE-2024-50106/ SUSE CVE CVE-2024-50106 page https://www.suse.com/security/cve/CVE-2024-53168/ SUSE CVE CVE-2024-53168 page https://www.suse.com/security/cve/CVE-2024-56633/ SUSE CVE CVE-2024-56633 page https://www.suse.com/security/cve/CVE-2024-56779/ SUSE CVE CVE-2024-56779 page https://www.suse.com/security/cve/CVE-2025-21648/ SUSE CVE CVE-2025-21648 page https://www.suse.com/security/cve/CVE-2025-21702/ SUSE CVE CVE-2025-21702 page https://www.suse.com/security/cve/CVE-2025-21704/ SUSE CVE CVE-2025-21704 page https://www.suse.com/security/cve/CVE-2025-21787/ SUSE CVE CVE-2025-21787 page https://www.suse.com/security/cve/CVE-2025-21814/ SUSE CVE CVE-2025-21814 page https://www.suse.com/security/cve/CVE-2025-21969/ SUSE CVE CVE-2025-21969 page https://www.suse.com/security/cve/CVE-2025-22021/ SUSE CVE CVE-2025-22021 page https://www.suse.com/security/cve/CVE-2025-22025/ SUSE CVE CVE-2025-22025 page https://www.suse.com/security/cve/CVE-2025-22027/ SUSE CVE CVE-2025-22027 page https://www.suse.com/security/cve/CVE-2025-22050/ SUSE CVE CVE-2025-22050 page https://www.suse.com/security/cve/CVE-2025-22058/ SUSE CVE CVE-2025-22058 page https://www.suse.com/security/cve/CVE-2025-22060/ SUSE CVE CVE-2025-22060 page https://www.suse.com/security/cve/CVE-2025-22063/ SUSE CVE CVE-2025-22063 page https://www.suse.com/security/cve/CVE-2025-22104/ SUSE CVE CVE-2025-22104 page https://www.suse.com/security/cve/CVE-2025-23136/ SUSE CVE CVE-2025-23136 page https://www.suse.com/security/cve/CVE-2025-23150/ SUSE CVE CVE-2025-23150 page https://www.suse.com/security/cve/CVE-2025-23161/ SUSE CVE CVE-2025-23161 page https://www.suse.com/security/cve/CVE-2025-37749/ SUSE CVE CVE-2025-37749 page https://www.suse.com/security/cve/CVE-2025-37752/ SUSE CVE CVE-2025-37752 page https://www.suse.com/security/cve/CVE-2025-37780/ SUSE CVE CVE-2025-37780 page https://www.suse.com/security/cve/CVE-2025-37782/ SUSE CVE CVE-2025-37782 page https://www.suse.com/security/cve/CVE-2025-37789/ SUSE CVE CVE-2025-37789 page https://www.suse.com/security/cve/CVE-2025-37794/ SUSE CVE CVE-2025-37794 page https://www.suse.com/security/cve/CVE-2025-37796/ SUSE CVE CVE-2025-37796 page https://www.suse.com/security/cve/CVE-2025-37797/ SUSE CVE CVE-2025-37797 page https://www.suse.com/security/cve/CVE-2025-37798/ SUSE CVE CVE-2025-37798 page https://www.suse.com/security/cve/CVE-2025-37823/ SUSE CVE CVE-2025-37823 page https://www.suse.com/security/cve/CVE-2025-37833/ SUSE CVE CVE-2025-37833 page https://www.suse.com/security/cve/CVE-2025-37852/ SUSE CVE CVE-2025-37852 page https://www.suse.com/security/cve/CVE-2025-37871/ SUSE CVE CVE-2025-37871 page https://www.suse.com/security/cve/CVE-2025-37879/ SUSE CVE CVE-2025-37879 page https://www.suse.com/security/cve/CVE-2025-37932/ SUSE CVE CVE-2025-37932 page https://www.suse.com/security/cve/CVE-2025-37948/ SUSE CVE CVE-2025-37948 page https://www.suse.com/security/cve/CVE-2025-37949/ SUSE CVE CVE-2025-37949 page https://www.suse.com/security/cve/CVE-2025-37953/ SUSE CVE CVE-2025-37953 page https://www.suse.com/security/cve/CVE-2025-37963/ SUSE CVE CVE-2025-37963 page https://www.suse.com/security/cve/CVE-2025-37989/ SUSE CVE CVE-2025-37989 page https://www.suse.com/security/cve/CVE-2025-38637/ SUSE CVE CVE-2025-38637 page SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 cluster-md-kmp-default-4.12.14-122.261.1 dlm-kmp-default-4.12.14-122.261.1 gfs2-kmp-default-4.12.14-122.261.1 kernel-default-4.12.14-122.261.1 kernel-default-base-4.12.14-122.261.1 kernel-default-devel-4.12.14-122.261.1 kernel-default-extra-4.12.14-122.261.1 kernel-default-kgraft-4.12.14-122.261.1 kernel-default-kgraft-devel-4.12.14-122.261.1 kernel-default-man-4.12.14-122.261.1 kernel-devel-4.12.14-122.261.1 kernel-docs-4.12.14-122.261.1 kernel-docs-html-4.12.14-122.261.1 kernel-kvmsmall-4.12.14-122.261.1 kernel-kvmsmall-base-4.12.14-122.261.1 kernel-kvmsmall-devel-4.12.14-122.261.1 kernel-macros-4.12.14-122.261.1 kernel-obs-build-4.12.14-122.261.1 kernel-obs-qa-4.12.14-122.261.1 kernel-source-4.12.14-122.261.1 kernel-source-vanilla-4.12.14-122.261.1 kernel-syms-4.12.14-122.261.1 kernel-vanilla-4.12.14-122.261.1 kernel-vanilla-base-4.12.14-122.261.1 kernel-vanilla-devel-4.12.14-122.261.1 kernel-zfcpdump-4.12.14-122.261.1 kernel-zfcpdump-man-4.12.14-122.261.1 kgraft-patch-4_12_14-122_261-default-1-8.3.1 kselftests-kmp-default-4.12.14-122.261.1 ocfs2-kmp-default-4.12.14-122.261.1 kernel-default-kgraft-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-default-kgraft-devel-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_261-default-1-8.3.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 cluster-md-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS dlm-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS gfs2-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-base-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-devel-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-man-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-devel-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-macros-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-source-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-syms-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS ocfs2-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS cluster-md-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 dlm-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 gfs2-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-default-base-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-default-devel-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-devel-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-macros-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-source-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-syms-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ocfs2-kmp-default-4.12.14-122.261.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash(). CVE-2020-36791 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2020-36791.html CVE-2020-36791 https://bugzilla.suse.com/1242835 SUSE Bug 1242835 A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. CVE-2021-20320 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2021-20320.html CVE-2021-20320 https://bugzilla.suse.com/1190601 SUSE Bug 1190601 A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. CVE-2021-4159 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2021-4159.html CVE-2021-4159 https://bugzilla.suse.com/1194227 SUSE Bug 1194227 In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers. CVE-2021-47170 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2021-47170.html CVE-2021-47170 https://bugzilla.suse.com/1222004 SUSE Bug 1222004 In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). Reordering the lines solves the issue. CVE-2021-47670 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2021-47670.html CVE-2021-47670 https://bugzilla.suse.com/1241407 SUSE Bug 1241407 A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. CVE-2022-3564 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-3564.html CVE-2022-3564 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206314 SUSE Bug 1206314 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_driver(sdata)) 397 return -EIO; 398 399 trace_drv_ampdu_action(local, sdata, params); 400 wlan0: moving STA 02:00:00:00:03:00 to state 3 wlan0: associated wlan0: deauthenticating from 02:00:00:00:03:00 by local choice (Reason: 3=DEAUTH_LEAVING) wlan3.sta1: Open BA session requested for 02:00:00:00:00:00 tid 0 wlan3.sta1: dropped frame to 02:00:00:00:00:00 (unauthorized port) wlan0: moving STA 02:00:00:00:03:00 to state 2 wlan0: moving STA 02:00:00:00:03:00 to state 1 wlan0: Removed STA 02:00:00:00:03:00 wlan0: Destroyed STA 02:00:00:00:03:00 BUG: unable to handle page fault for address: fffffffffffffb48 PGD 11814067 P4D 11814067 PUD 11816067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 133397 Comm: kworker/u16:1 Tainted: G W 6.1.0-rc8-wt+ #59 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-20220807_005459-localhost 04/01/2014 Workqueue: phy3 ieee80211_ba_session_work [mac80211] RIP: 0010:drv_ampdu_action+0x46/0x280 [mac80211] Code: 53 48 89 f3 be 89 01 00 00 e8 d6 43 bf ef e8 21 46 81 f0 83 bb a0 1b 00 00 04 75 0e 48 8b 9b 28 0d 00 00 48 81 eb 10 0e 00 00 <8b> 93 58 09 00 00 f6 c2 20 0f 84 3b 01 00 00 8b 05 dd 1c 0f 00 85 RSP: 0018:ffffc900025ebd20 EFLAGS: 00010287 RAX: 0000000000000000 RBX: fffffffffffff1f0 RCX: ffff888102228240 RDX: 0000000080000000 RSI: ffffffff918c5de0 RDI: ffff888102228b40 RBP: ffffc900025ebd40 R08: 0000000000000001 R09: 0000000000000001 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888118c18ec0 R13: 0000000000000000 R14: ffffc900025ebd60 R15: ffff888018b7efb8 FS: 0000000000000000(0000) GS:ffff88817a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffffffffffb48 CR3: 0000000105228006 CR4: 0000000000170ee0 Call Trace: <TASK> ieee80211_tx_ba_session_handle_start+0xd0/0x190 [mac80211] ieee80211_ba_session_work+0xff/0x2e0 [mac80211] process_one_work+0x29f/0x620 worker_thread+0x4d/0x3d0 ? process_one_work+0x620/0x620 kthread+0xfb/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x22/0x30 </TASK> CVE-2022-48875 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-48875.html CVE-2022-48875 https://bugzilla.suse.com/1229516 SUSE Bug 1229516 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL. CVE-2022-49139 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49139.html CVE-2022-49139 https://bugzilla.suse.com/1238032 SUSE Bug 1238032 In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/ CVE-2022-49145 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49145.html CVE-2022-49145 https://bugzilla.suse.com/1238162 SUSE Bug 1238162 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bio_endio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs because we race with the endio function that is cleaning up the bio. Instead just return BLK_STS_OK as the repair function has to continue to process the rest of the pages, and the endio for the repair bio will do the appropriate cleanup for the page that it was given. CVE-2022-49168 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49168.html CVE-2022-49168 https://bugzilla.suse.com/1238109 SUSE Bug 1238109 In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree() of bootmem memory again Since commit ebff7d8f270d ("mem hotunplug: fix kfree() of bootmem memory"), we could get a resource allocated during boot via alloc_resource(). And it's required to release the resource using free_resource(). Howerver, many people use kfree directly which will result in kernel BUG. In order to fix this without fixing every call site, just leak a couple of bytes in such corner case. CVE-2022-49190 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49190.html CVE-2022-49190 https://bugzilla.suse.com/1238130 SUSE Bug 1238130 In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init The reference counting issue happens in several error handling paths on a refcounted object "nc->dmac". In these paths, the function simply returns the error code, forgetting to balance the reference count of "nc->dmac", increased earlier by dma_request_channel(), which may cause refcount leaks. Fix it by decrementing the refcount of specific object in those error paths. CVE-2022-49212 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49212.html CVE-2022-49212 https://bugzilla.suse.com/1238331 SUSE Bug 1238331 In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix reference leak in tegra_dsi_ganged_probe The reference taken by 'of_find_device_by_node()' must be released when not needed anymore. Add put_device() call to fix this. CVE-2022-49216 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49216.html CVE-2022-49216 https://bugzilla.suse.com/1238338 SUSE Bug 1238338 In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current skb there is no service data, so simply initialize svc_meta_len to 0. htc_issue_send() does not initialize htc_frame_hdr::control array. Based on firmware code, it will initialize it by itself, so simply zero whole array to make KMSAN happy Fail logs: BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline] htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275 ... Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [inline] htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258 ... Bytes 4-7 of 18 are uninitialized Memory access of size 18 starts at ffff888027377e00 BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline] htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275 ... Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [inline] htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258 ... Bytes 16-17 of 18 are uninitialized Memory access of size 18 starts at ffff888027377e00 CVE-2022-49235 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49235.html CVE-2022-49235 https://bugzilla.suse.com/1238333 SUSE Bug 1238333 In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction") while 'deferrable' flag can be uninitialized for non-control/notify AV/C transactions. UBSAN reports it: kernel: ================================================================================ kernel: UBSAN: invalid-load in /build/linux-aa0B4d/linux-5.15.0/sound/firewire/fcp.c:363:9 kernel: load of value 158 is not a valid value for type '_Bool' kernel: CPU: 3 PID: 182227 Comm: irq/35-firewire Tainted: P OE 5.15.0-18-generic #18-Ubuntu kernel: Hardware name: Gigabyte Technology Co., Ltd. AX370-Gaming 5/AX370-Gaming 5, BIOS F42b 08/01/2019 kernel: Call Trace: kernel: <IRQ> kernel: show_stack+0x52/0x58 kernel: dump_stack_lvl+0x4a/0x5f kernel: dump_stack+0x10/0x12 kernel: ubsan_epilogue+0x9/0x45 kernel: __ubsan_handle_load_invalid_value.cold+0x44/0x49 kernel: fcp_response.part.0.cold+0x1a/0x2b [snd_firewire_lib] kernel: fcp_response+0x28/0x30 [snd_firewire_lib] kernel: fw_core_handle_request+0x230/0x3d0 [firewire_core] kernel: handle_ar_packet+0x1d9/0x200 [firewire_ohci] kernel: ? handle_ar_packet+0x1d9/0x200 [firewire_ohci] kernel: ? transmit_complete_callback+0x9f/0x120 [firewire_core] kernel: ar_context_tasklet+0xa8/0x2e0 [firewire_ohci] kernel: tasklet_action_common.constprop.0+0xea/0xf0 kernel: tasklet_action+0x22/0x30 kernel: __do_softirq+0xd9/0x2e3 kernel: ? irq_finalize_oneshot.part.0+0xf0/0xf0 kernel: do_softirq+0x75/0xa0 kernel: </IRQ> kernel: <TASK> kernel: __local_bh_enable_ip+0x50/0x60 kernel: irq_forced_thread_fn+0x7e/0x90 kernel: irq_thread+0xba/0x190 kernel: ? irq_thread_fn+0x60/0x60 kernel: kthread+0x11e/0x140 kernel: ? irq_thread_check_affinity+0xf0/0xf0 kernel: ? set_kthread_struct+0x50/0x50 kernel: ret_from_fork+0x22/0x30 kernel: </TASK> kernel: ================================================================================ This commit fixes the bug. The bug has no disadvantage for the non- control/notify AV/C transactions since the flag has an effect for AV/C response with INTERIM (0x0f) status which is not used for the transactions in AV/C general specification. CVE-2022-49248 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49248.html CVE-2022-49248 https://bugzilla.suse.com/1238284 SUSE Bug 1238284 In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path. CVE-2022-49253 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49253.html CVE-2022-49253 https://bugzilla.suse.com/1238420 SUSE Bug 1238420 In the Linux kernel, the following vulnerability has been resolved: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type In zynqmp_dma_alloc/free_chan_resources functions there is a potential overflow in the below expressions. dma_alloc_coherent(chan->dev, (2 * chan->desc_size * ZYNQMP_DMA_NUM_DESCS), &chan->desc_pool_p, GFP_KERNEL); dma_free_coherent(chan->dev,(2 * ZYNQMP_DMA_DESC_SIZE(chan) * ZYNQMP_DMA_NUM_DESCS), chan->desc_pool_v, chan->desc_pool_p); The arguments desc_size and ZYNQMP_DMA_NUM_DESCS were 32 bit. Though this overflow condition is not observed but it is a potential problem in the case of 32-bit multiplication. Hence fix it by changing the desc_size data type to size_t. In addition to coverity fix it also reuse ZYNQMP_DMA_DESC_SIZE macro in dma_alloc_coherent API argument. Addresses-Coverity: Event overflow_before_widen. CVE-2022-49320 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49320.html CVE-2022-49320 https://bugzilla.suse.com/1238394 SUSE Bug 1238394 In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html He also confirmed that this patch fixes the issue. In summary this happened: After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a "divide error: 0000" when connecting to an AP. Control port tx now tries to use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in 2.10. Since only the rtl8187se part of the driver supports QoS, the priority of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 cards. rtl8180 is then unconditionally reading out the priority and finally crashes on drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this patch: idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries "ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got initialized. CVE-2022-49326 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49326.html CVE-2022-49326 https://bugzilla.suse.com/1238646 SUSE Bug 1238646 In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows: ... __device_attach device_lock(dev) // get lock dev async_schedule_dev(__device_attach_async_helper, dev); // func async_schedule_node async_schedule_node_domain(func) entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC); /* when fail or work limit, sync to execute func, but __device_attach_async_helper will get lock dev as well, which will lead to A-A deadlock. */ if (!entry || atomic_read(&entry_count) > MAX_WORK) { func; else queue_work_node(node, system_unbound_wq, &entry->work) device_unlock(dev) As shown above, when it is allowed to do async probes, because of out of memory or work limit, async work is not allowed, to do sync execute instead. it will lead to A-A deadlock because of __device_attach_async_helper getting lock dev. To fix the deadlock, move the async_schedule_dev outside device_lock, as we can see, in async_schedule_node_domain, the parameter of queue_work_node is system_unbound_wq, so it can accept concurrent operations. which will also not change the code logic, and will not lead to deadlock. CVE-2022-49371 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49371.html CVE-2022-49371 https://bugzilla.suse.com/1238546 SUSE Bug 1238546 In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. CVE-2022-49382 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49382.html CVE-2022-49382 https://bugzilla.suse.com/1238306 SUSE Bug 1238306 In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined in devicetree in "lane" child nodes, devm_reset_control_get_exclusive() cannot be used directly. CVE-2022-49396 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49396.html CVE-2022-49396 https://bugzilla.suse.com/1238289 SUSE Bug 1238289 In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers. BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0: __ip6_datagram_connect+0x6e2/0x930 net/ipv6/datagram.c:221 ip6_datagram_connect+0x2a/0x40 net/ipv6/datagram.c:272 inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576 __sys_connect_file net/socket.c:1900 [inline] __sys_connect+0x197/0x1b0 net/socket.c:1917 __do_sys_connect net/socket.c:1927 [inline] __se_sys_connect net/socket.c:1924 [inline] __x64_sys_connect+0x3d/0x50 net/socket.c:1924 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff888136d47a94 of 4 bytes by task 7670 on cpu 1: udpv6_sendmsg+0xc60/0x16e0 net/ipv6/udp.c:1436 inet6_sendmsg+0x5f/0x80 net/ipv6/af_inet6.c:652 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg net/socket.c:725 [inline] ____sys_sendmsg+0x39a/0x510 net/socket.c:2413 ___sys_sendmsg net/socket.c:2467 [inline] __sys_sendmmsg+0x267/0x4c0 net/socket.c:2553 __do_sys_sendmmsg net/socket.c:2582 [inline] __se_sys_sendmmsg net/socket.c:2579 [inline] __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2579 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x2b/0x50 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae value changed: 0x00000000 -> 0xffffff9b Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 7670 Comm: syz-executor.3 Tainted: G W 5.18.0-rc1-syzkaller-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 I chose to not add Fixes: tag because race has minor consequences and stable teams busy enough. CVE-2022-49420 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49420.html CVE-2022-49420 https://bugzilla.suse.com/1238887 SUSE Bug 1238887 In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk() to print failure message. This can cause a deadlock in the scenario reported by syz-bot below: CPU0 CPU1 CPU2 ---- ---- ---- lock(console_owner); lock(&port_lock_key); lock(&port->lock); lock(&port_lock_key); lock(&port->lock); lock(console_owner); As commit dbdda842fe96 ("printk: Add console owner and waiter logic to load balance console writes") said, such deadlock can be prevented by using printk_deferred() in kmalloc() (which is invoked in the section guarded by the port->lock). But there are too many printk() on the kmalloc() path, and kmalloc() can be called from anywhere, so changing printk() to printk_deferred() is too complicated and inelegant. Therefore, this patch chooses to specify __GFP_NOWARN to kmalloc(), so that printk() will not be called, and this deadlock problem can be avoided. Syzbot reported the following lockdep error: ====================================================== WARNING: possible circular locking dependency detected 5.4.143-00237-g08ccc19a-dirty #10 Not tainted ------------------------------------------------------ syz-executor.4/29420 is trying to acquire lock: ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: console_trylock_spinning kernel/printk/printk.c:1752 [inline] ffffffff8aedb2a0 (console_owner){....}-{0:0}, at: vprintk_emit+0x2ca/0x470 kernel/printk/printk.c:2023 but task is already holding lock: ffff8880119c9158 (&port->lock){-.-.}-{2:2}, at: pty_write+0xf4/0x1f0 drivers/tty/pty.c:120 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (&port->lock){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159 tty_port_tty_get drivers/tty/tty_port.c:288 [inline] <-- lock(&port->lock); tty_port_default_wakeup+0x1d/0xb0 drivers/tty/tty_port.c:47 serial8250_tx_chars+0x530/0xa80 drivers/tty/serial/8250/8250_port.c:1767 serial8250_handle_irq.part.0+0x31f/0x3d0 drivers/tty/serial/8250/8250_port.c:1854 serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1827 [inline] <-- lock(&port_lock_key); serial8250_default_handle_irq+0xb2/0x220 drivers/tty/serial/8250/8250_port.c:1870 serial8250_interrupt+0xfd/0x200 drivers/tty/serial/8250/8250_core.c:126 __handle_irq_event_percpu+0x109/0xa50 kernel/irq/handle.c:156 [...] -> #1 (&port_lock_key){-.-.}-{2:2}: __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x35/0x50 kernel/locking/spinlock.c:159 serial8250_console_write+0x184/0xa40 drivers/tty/serial/8250/8250_port.c:3198 <-- lock(&port_lock_key); call_console_drivers kernel/printk/printk.c:1819 [inline] console_unlock+0x8cb/0xd00 kernel/printk/printk.c:2504 vprintk_emit+0x1b5/0x470 kernel/printk/printk.c:2024 <-- lock(console_owner); vprintk_func+0x8d/0x250 kernel/printk/printk_safe.c:394 printk+0xba/0xed kernel/printk/printk.c:2084 register_console+0x8b3/0xc10 kernel/printk/printk.c:2829 univ8250_console_init+0x3a/0x46 drivers/tty/serial/8250/8250_core.c:681 console_init+0x49d/0x6d3 kernel/printk/printk.c:2915 start_kernel+0x5e9/0x879 init/main.c:713 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:241 -> #0 (console_owner){....}-{0:0}: [...] lock_acquire+0x127/0x340 kernel/locking/lockdep.c:4734 console_trylock_spinning kernel/printk/printk.c:1773 ---truncated--- CVE-2022-49441 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49441.html CVE-2022-49441 https://bugzilla.suse.com/1238263 SUSE Bug 1238263 In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() It will cause null-ptr-deref when using 'res', if platform_get_resource() returns NULL, so move using 'res' after devm_ioremap_resource() that will check it to avoid null-ptr-deref. And use devm_platform_get_and_ioremap_resource() to simplify code. CVE-2022-49445 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49445.html CVE-2022-49445 https://bugzilla.suse.com/1238019 SUSE Bug 1238019 In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: rk3399_dmc: Disable edev on remove() Otherwise we hit an unablanced enable-count when unbinding the DFI device: [ 1279.659119] ------------[ cut here ]------------ [ 1279.659179] WARNING: CPU: 2 PID: 5638 at drivers/devfreq/devfreq-event.c:360 devfreq_event_remove_edev+0x84/0x8c ... [ 1279.659352] Hardware name: Google Kevin (DT) [ 1279.659363] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--) [ 1279.659371] pc : devfreq_event_remove_edev+0x84/0x8c [ 1279.659380] lr : devm_devfreq_event_release+0x1c/0x28 ... [ 1279.659571] Call trace: [ 1279.659582] devfreq_event_remove_edev+0x84/0x8c [ 1279.659590] devm_devfreq_event_release+0x1c/0x28 [ 1279.659602] release_nodes+0x1cc/0x244 [ 1279.659611] devres_release_all+0x44/0x60 [ 1279.659621] device_release_driver_internal+0x11c/0x1ac [ 1279.659629] device_driver_detach+0x20/0x2c [ 1279.659641] unbind_store+0x7c/0xb0 [ 1279.659650] drv_attr_store+0x2c/0x40 [ 1279.659663] sysfs_kf_write+0x44/0x58 [ 1279.659672] kernfs_fop_write_iter+0xf4/0x190 [ 1279.659684] vfs_write+0x2b0/0x2e4 [ 1279.659693] ksys_write+0x80/0xec [ 1279.659701] __arm64_sys_write+0x24/0x30 [ 1279.659714] el0_svc_common+0xf0/0x1d8 [ 1279.659724] do_el0_svc_compat+0x28/0x3c [ 1279.659738] el0_svc_compat+0x10/0x1c [ 1279.659746] el0_sync_compat_handler+0xa8/0xcc [ 1279.659758] el0_sync_compat+0x188/0x1c0 [ 1279.659768] ---[ end trace cec200e5094155b4 ]--- CVE-2022-49460 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49460.html CVE-2022-49460 https://bugzilla.suse.com/1238892 SUSE Bug 1238892 In the Linux kernel, the following vulnerability has been resolved: drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() drm_gem_object_lookup will call drm_gem_object_get inside. So cursor_bo needs to be put when msm_gem_get_and_pin_iova fails. CVE-2022-49467 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49467.html CVE-2022-49467 https://bugzilla.suse.com/1238815 SUSE Bug 1238815 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout Connecting the same socket twice consecutively in sco_sock_connect() could lead to a race condition where two sco_conn objects are created but only one is associated with the socket. If the socket is closed before the SCO connection is established, the timer associated with the dangling sco_conn object won't be canceled. As the sock object is being freed, the use-after-free problem happens when the timer callback function sco_sock_timeout() accesses the socket. Here's the call trace: dump_stack+0x107/0x163 ? refcount_inc+0x1c/ print_address_description.constprop.0+0x1c/0x47e ? refcount_inc+0x1c/0x7b kasan_report+0x13a/0x173 ? refcount_inc+0x1c/0x7b check_memory_region+0x132/0x139 refcount_inc+0x1c/0x7b sco_sock_timeout+0xb2/0x1ba process_one_work+0x739/0xbd1 ? cancel_delayed_work+0x13f/0x13f ? __raw_spin_lock_init+0xf0/0xf0 ? to_kthread+0x59/0x85 worker_thread+0x593/0x70e kthread+0x346/0x35a ? drain_workqueue+0x31a/0x31a ? kthread_bind+0x4b/0x4b ret_from_fork+0x1f/0x30 CVE-2022-49474 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49474.html CVE-2022-49474 https://bugzilla.suse.com/1238071 SUSE Bug 1238071 In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_resource() that will check 'res' to avoid null-ptr-deref. CVE-2022-49491 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49491.html CVE-2022-49491 https://bugzilla.suse.com/1238539 SUSE Bug 1238539 In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to ensure that it is within the bitmap. drivers/net/wireless/ath/ath9k/common.c:46 ath9k_cmn_rx_accept() error: passing untrusted data 'rx_stats->rs_keyix' to 'test_bit()' CVE-2022-49503 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49503.html CVE-2022-49503 https://bugzilla.suse.com/1238868 SUSE Bug 1238868 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49592 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49592.html CVE-2022-49592 https://bugzilla.suse.com/1238311 SUSE Bug 1238311 In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_vf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has to unmap memory with vunmap. It is disallowed to do that in IRQ context or with BH disabled. Otherwise, we hit this line in vunmap, causing the crash: BUG_ON(in_interrupt()); This patch reenables BH to release the buffer. Log messages when the bug is hit: kernel BUG at mm/vmalloc.c:2727! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 6 PID: 1462 Comm: NetworkManager Kdump: loaded Tainted: G I --------- --- 5.14.0-119.el9.x86_64 #1 Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020 RIP: 0010:vunmap+0x2e/0x30 ...skip... Call Trace: __iommu_dma_free+0x96/0x100 efx_nic_free_buffer+0x2b/0x40 [sfc] efx_ef10_try_update_nic_stats_vf+0x14a/0x1c0 [sfc] efx_ef10_update_stats_vf+0x18/0x40 [sfc] efx_start_all+0x15e/0x1d0 [sfc] efx_net_open+0x5a/0xe0 [sfc] __dev_open+0xe7/0x1a0 __dev_change_flags+0x1d7/0x240 dev_change_flags+0x21/0x60 ...skip... CVE-2022-49625 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49625.html CVE-2022-49625 https://bugzilla.suse.com/1238411 SUSE Bug 1238411 In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side (addr + 2 * min_alignment) can overflow in case of mock tests. This patch should handle both cases. (cherry picked from commit ab3edc679c552a466e4bf0b11af3666008bd65a2) CVE-2022-49635 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49635.html CVE-2022-49635 https://bugzilla.suse.com/1238806 SUSE Bug 1238806 In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not needed anymore. Add missing of_node_put() in to fix this. CVE-2022-49652 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49652.html CVE-2022-49652 https://bugzilla.suse.com/1238871 SUSE Bug 1238871 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49715 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49715.html CVE-2022-49715 https://bugzilla.suse.com/1238818 SUSE Bug 1238818 In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in __ip6_append_data Resurrect ubsan overflow checks and ubsan report this warning, fix it by change the variable [length] type to size_t. UBSAN: signed-integer-overflow in net/ipv6/ip6_output.c:1489:19 2147479552 + 8567 cannot be represented in type 'int' CPU: 0 PID: 253 Comm: err Not tainted 5.16.0+ #1 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x214/0x230 show_stack+0x30/0x78 dump_stack_lvl+0xf8/0x118 dump_stack+0x18/0x30 ubsan_epilogue+0x18/0x60 handle_overflow+0xd0/0xf0 __ubsan_handle_add_overflow+0x34/0x44 __ip6_append_data.isra.48+0x1598/0x1688 ip6_append_data+0x128/0x260 udpv6_sendmsg+0x680/0xdd0 inet6_sendmsg+0x54/0x90 sock_sendmsg+0x70/0x88 ____sys_sendmsg+0xe8/0x368 ___sys_sendmsg+0x98/0xe0 __sys_sendmmsg+0xf4/0x3b8 __arm64_sys_sendmmsg+0x34/0x48 invoke_syscall+0x64/0x160 el0_svc_common.constprop.4+0x124/0x300 do_el0_svc+0x44/0xc8 el0_svc+0x3c/0x1e8 el0t_64_sync_handler+0x88/0xb0 el0t_64_sync+0x16c/0x170 Changes since v1: -Change the variable [length] type to unsigned, as Eric Dumazet suggested. Changes since v2: -Don't change exthdrlen type in ip6_make_skb, as Paolo Abeni suggested. Changes since v3: -Don't change ulen type in udpv6_sendmsg and l2tp_ip6_sendmsg, as Jakub Kicinski suggested. CVE-2022-49728 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49728.html CVE-2022-49728 https://bugzilla.suse.com/1239111 SUSE Bug 1239111 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49729 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49729.html CVE-2022-49729 https://bugzilla.suse.com/1239060 SUSE Bug 1239060 In the Linux kernel, the following vulnerability has been resolved: w1: fix WARNING after calling w1_process() I got the following WARNING message while removing driver(ds2482): ------------[ cut here ]------------ do not call blocking ops when !TASK_RUNNING; state=1 set at [<000000002d50bfb6>] w1_process+0x9e/0x1d0 [wire] WARNING: CPU: 0 PID: 262 at kernel/sched/core.c:9817 __might_sleep+0x98/0xa0 CPU: 0 PID: 262 Comm: w1_bus_master1 Tainted: G N 6.1.0-rc3+ #307 RIP: 0010:__might_sleep+0x98/0xa0 Call Trace: exit_signals+0x6c/0x550 do_exit+0x2b4/0x17e0 kthread_exit+0x52/0x60 kthread+0x16d/0x1e0 ret_from_fork+0x1f/0x30 The state of task is set to TASK_INTERRUPTIBLE in loop in w1_process(), set it to TASK_RUNNING when it breaks out of the loop to avoid the warning. CVE-2022-49751 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49751.html CVE-2022-49751 https://bugzilla.suse.com/1240254 SUSE Bug 1240254 In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller. This error should only be triggered at most once. As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out: btrfs_run_delayed_refs() `- btrfs_run_delayed_refs() `- btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref() And we will abort the current transaction in btrfs_run_delayed_refs(). If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output. CVE-2022-49761 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49761.html CVE-2022-49761 https://bugzilla.suse.com/1240261 SUSE Bug 1240261 In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checked to avoid the possibility of messy mount errors due to bad calculations. It's always a fixed value based on the block size so we can just check that it's the expected value. Tested with: mkfs.gfs2 -O -p lock_nolock /dev/vdb for i in 0 -1 64 65 32 33; do gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb mount /dev/vdb /mnt/test && umount /mnt/test done Before this patch we get a withdraw after [ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block [ 76.413681] bh = 19 (type: exp=5, found=4) [ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492 and with UBSAN configured we also get complaints like [ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19 [ 76.373815] shift exponent 4294967287 is too large for 64-bit type 'long unsigned int' After the patch, these complaints don't appear, mount fails immediately and we get an explanation in dmesg. CVE-2022-49769 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49769.html CVE-2022-49769 https://bugzilla.suse.com/1242440 SUSE Bug 1242440 In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the "dm_target_iterate(list_version_get_info, &iter_info)" call. Each of these calls locks the targets using the "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first and second "dm_target_iterate" there is no lock held and the target modules can be loaded at this point, so the second "dm_target_iterate" call may need more space than what was the first "dm_target_iterate" returned. The code tries to handle this overflow (see the beginning of list_version_get_info), however this handling is incorrect. The code sets "param->data_size = param->data_start + needed" and "iter_info.end = (char *)vers+len" - "needed" is the size returned by the first dm_target_iterate call; "len" is the size of the buffer allocated by userspace. "len" may be greater than "needed"; in this case, the code will write up to "len" bytes into the buffer, however param->data_size is set to "needed", so it may write data past the param->data_size value. The ioctl interface copies only up to param->data_size into userspace, thus part of the result will be truncated. Fix this bug by setting "iter_info.end = (char *)vers + needed;" - this guarantees that the second "dm_target_iterate" call will write only up to the "needed" buffer and it will exit with "DM_BUFFER_FULL_FLAG" if it overflows the "needed" space - in this case, userspace will allocate a larger buffer and retry. Note that there is also a bug in list_version_get_needed - we need to add "strlen(tt->name) + 1" to the needed size, not "strlen(tt->name)". CVE-2022-49771 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49771.html CVE-2022-49771 https://bugzilla.suse.com/1242686 SUSE Bug 1242686 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality, the NULL port may be seen when the device gives an invalid endpoint setup at the descriptor, hence the driver skips the allocation. That is, the check itself is valid and snd_BUG_ON() should be dropped from there. Otherwise it's confusing as if it were a real bug, as recently syzbot stumbled on it. CVE-2022-49772 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49772.html CVE-2022-49772 https://bugzilla.suse.com/1242147 SUSE Bug 1242147 In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an already disconnected flow. This is generally fine, unless current congestion control is CDG, because it might trigger a double-free [1] Instead of fixing MPTCP, and future bugs, we can make tcp_disconnect() more resilient. [1] BUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline] BUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567 CPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: events mptcp_worker Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462 ____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1759 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785 slab_free mm/slub.c:3539 [inline] kfree+0xe2/0x580 mm/slub.c:4567 tcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145 __mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327 mptcp_do_fastclose net/mptcp/protocol.c:2592 [inline] mptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 </TASK> Allocated by task 3671: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:437 [inline] ____kasan_kmalloc mm/kasan/common.c:516 [inline] ____kasan_kmalloc mm/kasan/common.c:475 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525 kmalloc_array include/linux/slab.h:640 [inline] kcalloc include/linux/slab.h:671 [inline] tcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380 tcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193 tcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline] tcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391 do_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513 tcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801 mptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844 __sys_setsockopt+0x2d6/0x690 net/socket.c:2252 __do_sys_setsockopt net/socket.c:2263 [inline] __se_sys_setsockopt net/socket.c:2260 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2260 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 16: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:367 [inline] ____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1759 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785 slab_free mm/slub.c:3539 [inline] kfree+0xe2/0x580 mm/slub.c:4567 tcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226 tcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254 tcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969 inet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157 tcp_done+0x23b/0x340 net/ipv4/tcp.c:4649 tcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624 tcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525 tcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759 ip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439 ip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484 NF_HOOK include/linux/netfilter.h:302 [inline] NF_HOOK include/linux/netfilter.h:296 [inline] ip6_input+0x9c/0xd ---truncated--- CVE-2022-49775 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49775.html CVE-2022-49775 https://bugzilla.suse.com/1242245 SUSE Bug 1242245 https://bugzilla.suse.com/1242257 SUSE Bug 1242257 In the Linux kernel, the following vulnerability has been resolved: macvlan: enforce a consistent minimal mtu macvlan should enforce a minimal mtu of 68, even at link creation. This patch avoids the current behavior (which could lead to crashes in ipv6 stack if the link is brought up) $ ip link add macvlan1 link eno1 mtu 8 type macvlan # This should fail ! $ ip link sh dev macvlan1 5: macvlan1@eno1: <BROADCAST,MULTICAST> mtu 8 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 02:47:6c:24:74:82 brd ff:ff:ff:ff:ff:ff $ ip link set macvlan1 mtu 67 Error: mtu less than device minimum. $ ip link set macvlan1 mtu 68 $ ip link set macvlan1 mtu 8 Error: mtu less than device minimum. CVE-2022-49776 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49776.html CVE-2022-49776 https://bugzilla.suse.com/1242248 SUSE Bug 1242248 In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There is no problem for the 'smbus_dev == NULL' branch because pci_dev_put() can also handle the NULL input parameter case. CVE-2022-49787 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49787.html CVE-2022-49787 https://bugzilla.suse.com/1242352 SUSE Bug 1242352 In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:169 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431 vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925 vfs_ioctl fs/ioctl.c:51 ... Uninit was stored to memory at: kmemdup+0x74/0xb0 mm/util.c:131 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271 vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339 qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940 vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488 vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927 ... Local variable ev created at: qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 Bytes 28-31 of 48 are uninitialized Memory access of size 48 starts at ffff888035155e00 Data copied to user address 0000000020000100 Use memset() to prevent the infoleaks. Also speculatively fix qp_notify_peer_local(), which may suffer from the same problem. CVE-2022-49788 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49788.html CVE-2022-49788 https://bugzilla.suse.com/1242353 SUSE Bug 1242353 In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32 bit wide), but the rest of the zfcp code (and the firmware specification) handles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x ELF ABI]). For one this has the obvious problem that when the ID grows past 32 bit (this can happen reasonably fast) it is truncated to 32 bit when storing it in the cache variable and so doesn't match the original ID anymore. The second less obvious problem is that even when the original ID has not yet grown past 32 bit, as soon as the 32nd bit is set in the original ID (0x80000000 = 2'147'483'648) we will have a mismatch when we cast it back to 'unsigned long'. As the cached variable is of a signed type, the compiler will choose a sign-extending instruction to load the 32 bit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once we pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the request again all the leading zeros will be flipped to ones to extend the sign and won't match the original ID anymore (this has been observed in practice). If we can't successfully remove the request from the hash table again after 'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify the adapter about new work because the adapter is already gone during e.g. a ChpID toggle) we will end up with a double free. We unconditionally free the request in the calling function when 'zfcp_fsf_req_send()' fails, but because the request is still in the hash table we end up with a stale memory reference, and once the zfcp adapter is either reset during recovery or shutdown we end up freeing the same memory twice. The resulting stack traces vary depending on the kernel and have no direct correlation to the place where the bug occurs. Here are three examples that have been seen in practice: list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:62! monitor event: 0040 ilc:2 [#1] PREEMPT SMP Modules linked in: ... CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded Hardware name: ... Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70 Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8 #00000003cbeea1f4: af000000 mc 0,0 >00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48 00000003cbeea204: b9040043 lgr %r4,%r3 00000003cbeea208: b9040051 lgr %r5,%r1 00000003cbeea20c: b9040032 lgr %r3,%r2 Call Trace: [<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140 ([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140) [<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp] [<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp] ---truncated--- CVE-2022-49789 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49789.html CVE-2022-49789 https://bugzilla.suse.com/1242366 SUSE Bug 1242366 https://bugzilla.suse.com/1242376 SUSE Bug 1242376 In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resource leak. CVE-2022-49813 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49813.html CVE-2022-49813 https://bugzilla.suse.com/1242497 SUSE Bug 1242497 In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). CVE-2022-49818 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49818.html CVE-2022-49818 https://bugzilla.suse.com/1242527 SUSE Bug 1242527 In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_release(), so it need be initialized. CVE-2022-49821 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49821.html CVE-2022-49821 https://bugzilla.suse.com/1242542 SUSE Bug 1242542 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it will print the follow errors: CIFS: Cache volume key already in use (cifs,127.0.0.1:445,TEST) Let's check the result of tlink setup, and do some cleanup. CVE-2022-49822 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49822.html CVE-2022-49822 https://bugzilla.suse.com/1242544 SUSE Bug 1242544 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() is called again, the refcount is decreased to 0, ata_host_release() is called, all ports are freed and set to null. When unbinding the device after failure, ata_host_stop() is called to release the resources, it leads a null-ptr-deref(), because all the ports all freed and null. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ata_host_stop+0x3c/0x84 [libata] lr : release_nodes+0x64/0xd0 Call trace: ata_host_stop+0x3c/0x84 [libata] release_nodes+0x64/0xd0 devres_release_all+0xbc/0x1b0 device_unbind_cleanup+0x20/0x70 really_probe+0x158/0x320 __driver_probe_device+0x84/0x120 driver_probe_device+0x44/0x120 __driver_attach+0xb4/0x220 bus_for_each_dev+0x78/0xdc driver_attach+0x2c/0x40 bus_add_driver+0x184/0x240 driver_register+0x80/0x13c __pci_register_driver+0x4c/0x60 ahci_pci_driver_init+0x30/0x1000 [ahci] Fix this by removing redundant ata_host_put() in the error path. CVE-2022-49826 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49826.html CVE-2022-49826 https://bugzilla.suse.com/1242549 SUSE Bug 1242549 In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a reference to the last scheduled fence. CVE-2022-49829 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49829.html CVE-2022-49829 https://bugzilla.suse.com/1242691 SUSE Bug 1242691 In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL pointer. CVE-2022-49832 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49832.html CVE-2022-49832 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call 'kobject_put' to recycling resources. CVE-2022-49835 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49835.html CVE-2022-49835 https://bugzilla.suse.com/1242385 SUSE Bug 1242385 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49840 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49840.html CVE-2022-49840 https://bugzilla.suse.com/1242447 SUSE Bug 1242447 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49842 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49842.html CVE-2022-49842 https://bugzilla.suse.com/1242484 SUSE Bug 1242484 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49846 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49846.html CVE-2022-49846 https://bugzilla.suse.com/1242716 SUSE Bug 1242716 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49853 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49853.html CVE-2022-49853 https://bugzilla.suse.com/1242688 SUSE Bug 1242688 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49861 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49861.html CVE-2022-49861 https://bugzilla.suse.com/1242580 SUSE Bug 1242580 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49862 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49862.html CVE-2022-49862 https://bugzilla.suse.com/1242755 SUSE Bug 1242755 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49865 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49865.html CVE-2022-49865 https://bugzilla.suse.com/1242570 SUSE Bug 1242570 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49871 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49871.html CVE-2022-49871 https://bugzilla.suse.com/1242558 SUSE Bug 1242558 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49872 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49872.html CVE-2022-49872 https://bugzilla.suse.com/1242594 SUSE Bug 1242594 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49874 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49874.html CVE-2022-49874 https://bugzilla.suse.com/1242478 SUSE Bug 1242478 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49877 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49877.html CVE-2022-49877 https://bugzilla.suse.com/1242483 SUSE Bug 1242483 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49880 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49880.html CVE-2022-49880 https://bugzilla.suse.com/1242734 SUSE Bug 1242734 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49889 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49889.html CVE-2022-49889 https://bugzilla.suse.com/1242455 SUSE Bug 1242455 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49892 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49892.html CVE-2022-49892 https://bugzilla.suse.com/1242449 SUSE Bug 1242449 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49898 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49898.html CVE-2022-49898 https://bugzilla.suse.com/1242472 SUSE Bug 1242472 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49906 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49906.html CVE-2022-49906 https://bugzilla.suse.com/1242464 SUSE Bug 1242464 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49907 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49907.html CVE-2022-49907 https://bugzilla.suse.com/1242450 SUSE Bug 1242450 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49909 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49909.html CVE-2022-49909 https://bugzilla.suse.com/1242453 SUSE Bug 1242453 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49910 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49910.html CVE-2022-49910 https://bugzilla.suse.com/1242452 SUSE Bug 1242452 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49913 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49913.html CVE-2022-49913 https://bugzilla.suse.com/1242470 SUSE Bug 1242470 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49914 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49914.html CVE-2022-49914 https://bugzilla.suse.com/1242427 SUSE Bug 1242427 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49915 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49915.html CVE-2022-49915 https://bugzilla.suse.com/1242409 SUSE Bug 1242409 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49922 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49922.html CVE-2022-49922 https://bugzilla.suse.com/1242378 SUSE Bug 1242378 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49923 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49923.html CVE-2022-49923 https://bugzilla.suse.com/1242394 SUSE Bug 1242394 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49924 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49924.html CVE-2022-49924 https://bugzilla.suse.com/1242426 SUSE Bug 1242426 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49925 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49925.html CVE-2022-49925 https://bugzilla.suse.com/1242371 SUSE Bug 1242371 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49927 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49927.html CVE-2022-49927 https://bugzilla.suse.com/1242416 SUSE Bug 1242416 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49931 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2022-49931.html CVE-2022-49931 https://bugzilla.suse.com/1242382 SUSE Bug 1242382 A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. CVE-2023-1074 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-1074.html CVE-2023-1074 https://bugzilla.suse.com/1206677 SUSE Bug 1206677 A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. CVE-2023-1989 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-1989.html CVE-2023-1989 https://bugzilla.suse.com/1210336 SUSE Bug 1210336 https://bugzilla.suse.com/1210500 SUSE Bug 1210500 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. CVE-2023-1990 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-1990.html CVE-2023-1990 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1210501 SUSE Bug 1210501 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. CVE-2023-52868 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-52868.html CVE-2023-52868 https://bugzilla.suse.com/1225044 SUSE Bug 1225044 In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #3 [ 276.943997] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 [ 276.944470] Call Trace: [ 276.944943] <TASK> [ 276.945397] dump_stack_lvl+0x34/0x48 [ 276.945887] print_address_description.constprop.0+0x86/0x1e7 [ 276.946421] print_report+0x36/0x4f [ 276.947358] kasan_report+0xad/0x130 [ 276.948234] kasan_check_range+0x35/0x1c0 [ 276.948674] _raw_spin_lock_bh+0x78/0xe0 [ 276.949989] iscsi_sw_tcp_host_get_param+0xad/0x2e0 [iscsi_tcp] [ 276.951765] show_host_param_ISCSI_HOST_PARAM_IPADDRESS+0xe9/0x130 [scsi_transport_iscsi] [ 276.952185] dev_attr_show+0x3f/0x80 [ 276.953005] sysfs_kf_seq_show+0x1fb/0x3e0 [ 276.953401] seq_read_iter+0x402/0x1020 [ 276.954260] vfs_read+0x532/0x7b0 [ 276.955113] ksys_read+0xed/0x1c0 [ 276.955952] do_syscall_64+0x38/0x90 [ 276.956347] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 276.956769] RIP: 0033:0x7f5d3a679222 [ 276.957161] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 32 c0 0b 00 e8 a5 fe 01 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 [ 276.958009] RSP: 002b:00007ffc864d16a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 276.958431] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5d3a679222 [ 276.958857] RDX: 0000000000020000 RSI: 00007f5d3a4fe000 RDI: 0000000000000003 [ 276.959281] RBP: 00007f5d3a4fe000 R08: 00000000ffffffff R09: 0000000000000000 [ 276.959682] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000020000 [ 276.960126] R13: 0000000000000003 R14: 0000000000000000 R15: 0000557a26dada58 [ 276.960536] </TASK> [ 276.961357] Allocated by task 2209: [ 276.961756] kasan_save_stack+0x1e/0x40 [ 276.962170] kasan_set_track+0x21/0x30 [ 276.962557] __kasan_kmalloc+0x7e/0x90 [ 276.962923] __kmalloc+0x5b/0x140 [ 276.963308] iscsi_alloc_session+0x28/0x840 [scsi_transport_iscsi] [ 276.963712] iscsi_session_setup+0xda/0xba0 [libiscsi] [ 276.964078] iscsi_sw_tcp_session_create+0x1fd/0x330 [iscsi_tcp] [ 276.964431] iscsi_if_create_session.isra.0+0x50/0x260 [scsi_transport_iscsi] [ 276.964793] iscsi_if_recv_msg+0xc5a/0x2660 [scsi_transport_iscsi] [ 276.965153] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi] [ 276.965546] netlink_unicast+0x4d5/0x7b0 [ 276.965905] netlink_sendmsg+0x78d/0xc30 [ 276.966236] sock_sendmsg+0xe5/0x120 [ 276.966576] ____sys_sendmsg+0x5fe/0x860 [ 276.966923] ___sys_sendmsg+0xe0/0x170 [ 276.967300] __sys_sendmsg+0xc8/0x170 [ 276.967666] do_syscall_64+0x38/0x90 [ 276.968028] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 276.968773] Freed by task 2209: [ 276.969111] kasan_save_stack+0x1e/0x40 [ 276.969449] kasan_set_track+0x21/0x30 [ 276.969789] kasan_save_free_info+0x2a/0x50 [ 276.970146] __kasan_slab_free+0x106/0x190 [ 276.970470] __kmem_cache_free+0x133/0x270 [ 276.970816] device_release+0x98/0x210 [ 276.971145] kobject_cleanup+0x101/0x360 [ 276.971462] iscsi_session_teardown+0x3fb/0x530 [libiscsi] [ 276.971775] iscsi_sw_tcp_session_destroy+0xd8/0x130 [iscsi_tcp] [ 276.972143] iscsi_if_recv_msg+0x1bf1/0x2660 [scsi_transport_iscsi] [ 276.972485] iscsi_if_rx+0x198/0x4b0 [scsi_transport_iscsi] [ 276.972808] netlink_unicast+0x4d5/0x7b0 [ 276.973201] netlink_sendmsg+0x78d/0xc30 [ 276.973544] sock_sendmsg+0xe5/0x120 [ 276.973864] ____sys_sendmsg+0x5fe/0x860 [ 276.974248] ___sys_ ---truncated--- CVE-2023-52975 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-52975.html CVE-2023-52975 https://bugzilla.suse.com/1240322 SUSE Bug 1240322 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() snd_hda_get_connections() can return a negative error code. It may lead to accessing 'conn' array at a negative index. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2023-52988 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-52988.html CVE-2023-52988 https://bugzilla.suse.com/1240293 SUSE Bug 1240293 In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue of use-after-free. The subsystem allows multiple user space listeners to the region, while data of the payload was likely released before the listeners execute read(2) to access to it for copying to user space. The issue was fixed by a commit 281e20323ab7 ("firewire: core: fix use-after-free regression in FCP handler"). The object of payload is duplicated in kernel space for each listener. When the listener executes ioctl(2) with FW_CDEV_IOC_SEND_RESPONSE request, the object is going to be released. However, it causes memory leak since the commit relies on call of release_request() in drivers/firewire/core-cdev.c. Against the expectation, the function is never called due to the design of release_client_resource(). The function delegates release task to caller when called with non-NULL fourth argument. The implementation of ioctl_send_response() is the case. It should release the object explicitly. This commit fixes the bug. CVE-2023-52989 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-52989.html CVE-2023-52989 https://bugzilla.suse.com/1240266 SUSE Bug 1240266 In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code. This happens because the legacy timer interrupt (IRQ0) is resent in software which happens in soft interrupt (tasklet) context. In this context get_irq_regs() returns NULL which leads to the NULL pointer dereference. The reason for the resend is a spurious APIC interrupt on the IRQ0 vector which is captured and leads to a resend when the legacy timer interrupt is enabled. This is wrong because the legacy PIC interrupts are level triggered and therefore should never be resent in software, but nothing ever sets the IRQ_LEVEL flag on those interrupts, so the core code does not know about their trigger type. Ensure that IRQ_LEVEL is set when the legacy PCI interrupts are set up. CVE-2023-52993 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-52993.html CVE-2023-52993 https://bugzilla.suse.com/1240297 SUSE Bug 1240297 In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp_dev. If ish_probe() fails, the devm-managed device resources including ishtp_dev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtp_dev. Use devm_work_autocancel() instead, so that the work is automatically cancelled if probe fails. CVE-2023-53039 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53039.html CVE-2023-53039 https://bugzilla.suse.com/1242745 SUSE Bug 1242745 https://bugzilla.suse.com/1242880 SUSE Bug 1242880 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_dbg+0x70/0x100 [qla2xxx] __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] qla2x00_remove_one+0x364/0x400 [qla2xxx] pci_device_remove+0x36/0xa0 __device_release_driver+0x17a/0x230 device_release_driver+0x24/0x30 pci_stop_bus_device+0x68/0x90 pci_stop_and_remove_bus_device_locked+0x16/0x30 remove_store+0x75/0x90 kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x11f/0x1b0 vfs_write+0x1eb/0x280 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x80 ? do_user_addr_fault+0x1d8/0x680 ? do_syscall_64+0x69/0x80 ? exc_page_fault+0x62/0x140 ? asm_exc_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x44/0xae The command was completed in the abort path during driver unload with a lock held, causing the warning in abort path. Hence complete the command without any lock held. CVE-2023-53041 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53041.html CVE-2023-53041 https://bugzilla.suse.com/1242747 SUSE Bug 1242747 In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occur in dm_stats_cleanup() even if dm-stats isn't being actively used. CVE-2023-53044 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53044.html CVE-2023-53044 https://bugzilla.suse.com/1242759 SUSE Bug 1242759 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resources to be released, which happens when the refcount falls to zero. Since userspace can keep the refcount incremented by not closing the relevant file descriptor, the call to unbind may block indefinitely. This can cause a deadlock during reboot, as evidenced by the following blocked task observed on my machine: task:reboot state:D stack:0 pid:2827 ppid:569 flags:0x0000000c Call trace: __switch_to+0xc8/0x140 __schedule+0x2f0/0x7c0 schedule+0x60/0xd0 schedule_timeout+0x180/0x1d4 wait_for_completion+0x78/0x180 snd_card_free+0x90/0xa0 g_audio_cleanup+0x2c/0x64 afunc_unbind+0x28/0x60 ... kernel_restart+0x4c/0xac __do_sys_reboot+0xcc/0x1ec __arm64_sys_reboot+0x28/0x30 invoke_syscall+0x4c/0x110 ... The issue can also be observed by opening the card with arecord and then stopping the process through the shell before unbinding: # arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null Recording WAVE '/dev/null' : Signed 32 bit Little Endian, Rate 48000 Hz, Stereo ^Z[1]+ Stopped arecord -D hw:UAC2Gadget -f S32_LE -c 2 -r 48000 /dev/null # echo gadget.0 > /sys/bus/gadget/drivers/configfs-gadget/unbind (observe that the unbind command never finishes) Fix the problem by using snd_card_free_when_closed() instead, which will still disconnect the card as desired, but defer the task of freeing the resources to the core once userspace closes its file descriptor. CVE-2023-53045 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53045.html CVE-2023-53045 https://bugzilla.suse.com/1242756 SUSE Bug 1242756 In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255][ C12] watchdog: BUG: soft lockup - CPU#12 stuck for 23s! [dmcrypt_write/2:2897] ... [ 3391.387210][ C12] Call trace: [ 3391.390338][ C12] blk_attempt_bio_merge.part.6+0x38/0x158 [ 3391.395970][ C12] blk_attempt_plug_merge+0xc0/0x1b0 [ 3391.401085][ C12] blk_mq_submit_bio+0x398/0x550 [ 3391.405856][ C12] submit_bio_noacct+0x308/0x380 [ 3391.410630][ C12] dmcrypt_write+0x1e4/0x208 [dm_crypt] [ 3391.416005][ C12] kthread+0x130/0x138 [ 3391.419911][ C12] ret_from_fork+0x10/0x18 CVE-2023-53051 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53051.html CVE-2023-53051 https://bugzilla.suse.com/1242284 SUSE Bug 1242284 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2023-53056 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53056.html CVE-2023-53056 https://bugzilla.suse.com/1242219 SUSE Bug 1242219 In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE from netdev core) igb_remove | igb_ndo_get_vf_config igb_disable_sriov | vf >= adapter->vfs_allocated_count? kfree(adapter->vf_data) | adapter->vfs_allocated_count = 0 | | memcpy(... adapter->vf_data[vf] The above race will never happen and the extra rtnl_lock causes deadlock below [ 141.420169] <TASK> [ 141.420672] __schedule+0x2dd/0x840 [ 141.421427] schedule+0x50/0xc0 [ 141.422041] schedule_preempt_disabled+0x11/0x20 [ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 [ 141.423324] unregister_netdev+0xe/0x20 [ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] [ 141.423791] pci_device_remove+0x36/0xb0 [ 141.423990] device_release_driver_internal+0xc1/0x160 [ 141.424270] pci_stop_bus_device+0x6d/0x90 [ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 [ 141.424789] pci_iov_remove_virtfn+0xba/0x120 [ 141.425452] sriov_disable+0x2f/0xf0 [ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] [ 141.426353] igb_remove+0xa0/0x130 [igb] [ 141.426599] pci_device_remove+0x36/0xb0 [ 141.426796] device_release_driver_internal+0xc1/0x160 [ 141.427060] driver_detach+0x44/0x90 [ 141.427253] bus_remove_driver+0x55/0xe0 [ 141.427477] pci_unregister_driver+0x2a/0xa0 [ 141.428296] __x64_sys_delete_module+0x141/0x2b0 [ 141.429126] ? mntput_no_expire+0x4a/0x240 [ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 [ 141.429653] do_syscall_64+0x5b/0x80 [ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0 [ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.430849] ? do_syscall_64+0x67/0x80 [ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 [ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30 [ 141.432482] ? do_syscall_64+0x67/0x80 [ 141.432714] ? exc_page_fault+0x64/0x140 [ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc Since the igb_disable_sriov() will call pci_disable_sriov() before releasing any resources, the netdev core will synchronize the cleanup to avoid any races. This patch removes the useless rtnl_(un)lock to guarantee correctness. CVE-2023-53060 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53060.html CVE-2023-53060 https://bugzilla.suse.com/1242241 SUSE Bug 1242241 In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. CVE-2023-53062 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53062.html CVE-2023-53062 https://bugzilla.suse.com/1242228 SUSE Bug 1242228 In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. CVE-2023-53066 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53066.html CVE-2023-53066 https://bugzilla.suse.com/1242227 SUSE Bug 1242227 In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory contents. Additionally prevent integer underflow when size is less than ETH_FCS_LEN. CVE-2023-53068 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53068.html CVE-2023-53068 https://bugzilla.suse.com/1242239 SUSE Bug 1242239 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Comm: modprobe Call trace: kasan_report __asan_load8 lookup_rec ftrace_location arch_check_ftrace_location check_kprobe_address_safe register_kprobe When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a pg which is newly added to ftrace_pages_start in ftrace_process_locs(). Before the first pg->index++, index is 0 and accessing pg->records[-1].ip will cause this problem. Don't check the ip when pg->index is 0. CVE-2023-53075 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53075.html CVE-2023-53075 https://bugzilla.suse.com/1242218 SUSE Bug 1242218 In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2c6980 (size 32): comm "kworker/u16:2", pid 635322, jiffies 4355801099 (age 1216426.076s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 40 39 24 c1 ff ff ff ff 00 f8 ea 0a 81 88 ff ff @9$............. backtrace: [<0000000098f3a26d>] alua_activate+0xb0/0x320 [<000000003b529641>] scsi_dh_activate+0xb2/0x140 [<000000007b296db3>] activate_path_work+0xc6/0xe0 [dm_multipath] [<000000007adc9ace>] process_one_work+0x3c5/0x730 [<00000000c457a985>] worker_thread+0x93/0x650 [<00000000cb80e628>] kthread+0x1ba/0x210 [<00000000a1e61077>] ret_from_fork+0x22/0x30 Fix the problem by freeing 'qdata' in error path. CVE-2023-53078 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53078.html CVE-2023-53078 https://bugzilla.suse.com/1242231 SUSE Bug 1242231 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings(uc, mc and all) in firmware are reset after EEH, mlx5 driver will try to delete the above rules in the initialization path. This cause kernel crash because these software rules are no longer valid. Fix by nullifying these rules right after delete to avoid accessing any dangling pointers. Call Trace: __list_del_entry_valid+0xcc/0x100 (unreliable) tree_put_node+0xf4/0x1b0 [mlx5_core] tree_remove_node+0x30/0x70 [mlx5_core] mlx5_del_flow_rules+0x14c/0x1f0 [mlx5_core] esw_apply_vport_rx_mode+0x10c/0x200 [mlx5_core] esw_update_vport_rx_mode+0xb4/0x180 [mlx5_core] esw_vport_change_handle_locked+0x1ec/0x230 [mlx5_core] esw_enable_vport+0x130/0x260 [mlx5_core] mlx5_eswitch_enable_sriov+0x2a0/0x2f0 [mlx5_core] mlx5_device_enable_sriov+0x74/0x440 [mlx5_core] mlx5_load_one+0x114c/0x1550 [mlx5_core] mlx5_pci_resume+0x68/0xf0 [mlx5_core] eeh_report_resume+0x1a4/0x230 eeh_pe_dev_traverse+0x98/0x170 eeh_handle_normal_event+0x3e4/0x640 eeh_handle_event+0x4c/0x370 eeh_event_handler+0x14c/0x210 kthread+0x168/0x1b0 ret_from_kernel_thread+0x5c/0x84 CVE-2023-53079 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53079.html CVE-2023-53079 https://bugzilla.suse.com/1242765 SUSE Bug 1242765 In the Linux kernel, the following vulnerability has been resolved: xsk: Add missing overflow check in xdp_umem_reg The number of chunks can overflow u32. Make sure to return -EINVAL on overflow. Also remove a redundant u32 cast assigning umem->npgs. CVE-2023-53080 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53080.html CVE-2023-53080 https://bugzilla.suse.com/1242287 SUSE Bug 1242287 In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: fix race on RX DMA shutdown From time to time DMA completion can come in the middle of DMA shutdown: <process ctx>: <IRQ>: lpuart32_shutdown() lpuart_dma_shutdown() del_timer_sync() lpuart_dma_rx_complete() lpuart_copy_rx_to_tty() mod_timer() lpuart_dma_rx_free() When the timer fires a bit later, sport->dma_rx_desc is NULL: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 pc : lpuart_copy_rx_to_tty+0xcc/0x5bc lr : lpuart_timer_func+0x1c/0x2c Call trace: lpuart_copy_rx_to_tty lpuart_timer_func call_timer_fn __run_timers.part.0 run_timer_softirq __do_softirq __irq_exit_rcu irq_exit handle_domain_irq gic_handle_irq call_on_irq_stack do_interrupt_handler ... To fix this fold del_timer_sync() into lpuart_dma_rx_free() after dmaengine_terminate_sync() to make sure timer will not be re-started in lpuart_copy_rx_to_tty() <= lpuart_dma_rx_complete(). CVE-2023-53094 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53094.html CVE-2023-53094 https://bugzilla.suse.com/1242288 SUSE Bug 1242288 In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data Syzbot found the following issue: EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" fscrypt: AES-256-XTS using implementation "xts-aes-aesni" ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5071 at mm/page_alloc.c:5525 __alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 Modules linked in: CPU: 1 PID: 5071 Comm: syz-executor263 Not tainted 6.2.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5525 RSP: 0018:ffffc90003c2f1c0 EFLAGS: 00010246 RAX: ffffc90003c2f220 RBX: 0000000000000014 RCX: 0000000000000000 RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90003c2f248 RBP: ffffc90003c2f2d8 R08: dffffc0000000000 R09: ffffc90003c2f220 R10: fffff52000785e49 R11: 1ffff92000785e44 R12: 0000000000040d40 R13: 1ffff92000785e40 R14: dffffc0000000000 R15: 1ffff92000785e3c FS: 0000555556c0d300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f95d5e04138 CR3: 00000000793aa000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __alloc_pages_node include/linux/gfp.h:237 [inline] alloc_pages_node include/linux/gfp.h:260 [inline] __kmalloc_large_node+0x95/0x1e0 mm/slab_common.c:1113 __do_kmalloc_node mm/slab_common.c:956 [inline] __kmalloc+0xfe/0x190 mm/slab_common.c:981 kmalloc include/linux/slab.h:584 [inline] kzalloc include/linux/slab.h:720 [inline] ext4_update_inline_data+0x236/0x6b0 fs/ext4/inline.c:346 ext4_update_inline_dir fs/ext4/inline.c:1115 [inline] ext4_try_add_inline_entry+0x328/0x990 fs/ext4/inline.c:1307 ext4_add_entry+0x5a4/0xeb0 fs/ext4/namei.c:2385 ext4_add_nondir+0x96/0x260 fs/ext4/namei.c:2772 ext4_create+0x36c/0x560 fs/ext4/namei.c:2817 lookup_open fs/namei.c:3413 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x12ac/0x2dd0 fs/namei.c:3711 do_filp_open+0x264/0x4f0 fs/namei.c:3741 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_openat fs/open.c:1342 [inline] __se_sys_openat fs/open.c:1337 [inline] __x64_sys_openat+0x243/0x290 fs/open.c:1337 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Above issue happens as follows: ext4_iget ext4_find_inline_data_nolock ->i_inline_off=164 i_inline_size=60 ext4_try_add_inline_entry __ext4_mark_inode_dirty ext4_expand_extra_isize_ea ->i_extra_isize=32 s_want_extra_isize=44 ext4_xattr_shift_entries ->after shift i_inline_off is incorrect, actually is change to 176 ext4_try_add_inline_entry ext4_update_inline_dir get_max_inline_xattr_value_size if (EXT4_I(inode)->i_inline_off) entry = (struct ext4_xattr_entry *)((void *)raw_inode + EXT4_I(inode)->i_inline_off); free += EXT4_XATTR_SIZE(le32_to_cpu(entry->e_value_size)); ->As entry is incorrect, then 'free' may be negative ext4_update_inline_data value = kzalloc(len, GFP_NOFS); -> len is unsigned int, maybe very large, then trigger warning when 'kzalloc()' To resolve the above issue we need to update 'i_inline_off' after 'ext4_xattr_shift_entries()'. We do not need to set EXT4_STATE_MAY_INLINE_DATA flag here, since ext4_mark_inode_dirty() already sets this flag if needed. Setting EXT4_STATE_MAY_INLINE_DATA when it is needed may trigger a BUG_ON in ext4_writepages(). CVE-2023-53100 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53100.html CVE-2023-53100 https://bugzilla.suse.com/1242790 SUSE Bug 1242790 In the Linux kernel, the following vulnerability has been resolved: ext4: zero i_disksize when initializing the bootloader inode If the boot loader inode has never been used before, the EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the i_size to 0. However, if the "never before used" boot loader has a non-zero i_size, then i_disksize will be non-zero, and the inconsistency between i_size and i_disksize can trigger a kernel warning: WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319 CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa RIP: 0010:ext4_file_write_iter+0xbc7/0xd10 Call Trace: vfs_write+0x3b1/0x5c0 ksys_write+0x77/0x160 __x64_sys_write+0x22/0x30 do_syscall_64+0x39/0x80 Reproducer: 1. create corrupted image and mount it: mke2fs -t ext4 /tmp/foo.img 200 debugfs -wR "sif <5> size 25700" /tmp/foo.img mount -t ext4 /tmp/foo.img /mnt cd /mnt echo 123 > file 2. Run the reproducer program: posix_memalign(&buf, 1024, 1024) fd = open("file", O_RDWR | O_DIRECT); ioctl(fd, EXT4_IOC_SWAP_BOOT); write(fd, buf, 1024); Fix this by setting i_disksize as well as i_size to zero when initiaizing the boot loader inode. CVE-2023-53101 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53101.html CVE-2023-53101 https://bugzilla.suse.com/1242791 SUSE Bug 1242791 In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails syzbot reported a warning[1] where the bond device itself is a slave and we try to enslave a non-ethernet device as the first slave which fails but then in the error path when ether_setup() restores the bond device it also clears all flags. In my previous fix[2] I restored the IFF_MASTER flag, but I didn't consider the case that the bond device itself might also be a slave with IFF_SLAVE set, so we need to restore that flag as well. Use the bond_ether_setup helper which does the right thing and restores the bond's flags properly. Steps to reproduce using a nlmon dev: $ ip l add nlmon0 type nlmon $ ip l add bond1 type bond $ ip l add bond2 type bond $ ip l set bond1 master bond2 $ ip l set dev nlmon0 master bond1 $ ip -d l sh dev bond1 22: bond1: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noqueue master bond2 state DOWN mode DEFAULT group default qlen 1000 (now bond1's IFF_SLAVE flag is gone and we'll hit a warning[3] if we try to delete it) [1] https://syzkaller.appspot.com/bug?id=391c7b1f6522182899efba27d891f1743e8eb3ef [2] commit 7d5cd2ce5292 ("bonding: correctly handle bonding type change on enslave failure") [3] example warning: [ 27.008664] bond1: (slave nlmon0): The slave device specified does not support setting the MAC address [ 27.008692] bond1: (slave nlmon0): Error -95 calling set_mac_address [ 32.464639] bond1 (unregistering): Released all slaves [ 32.464685] ------------[ cut here ]------------ [ 32.464686] WARNING: CPU: 1 PID: 2004 at net/core/dev.c:10829 unregister_netdevice_many+0x72a/0x780 [ 32.464694] Modules linked in: br_netfilter bridge bonding virtio_net [ 32.464699] CPU: 1 PID: 2004 Comm: ip Kdump: loaded Not tainted 5.18.0-rc3+ #47 [ 32.464703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc37 04/01/2014 [ 32.464704] RIP: 0010:unregister_netdevice_many+0x72a/0x780 [ 32.464707] Code: 99 fd ff ff ba 90 1a 00 00 48 c7 c6 f4 02 66 96 48 c7 c7 20 4d 35 96 c6 05 fa c7 2b 02 01 e8 be 6f 4a 00 0f 0b e9 73 fd ff ff <0f> 0b e9 5f fd ff ff 80 3d e3 c7 2b 02 00 0f 85 3b fd ff ff ba 59 [ 32.464710] RSP: 0018:ffffa006422d7820 EFLAGS: 00010206 [ 32.464712] RAX: ffff8f6e077140a0 RBX: ffffa006422d7888 RCX: 0000000000000000 [ 32.464714] RDX: ffff8f6e12edbe58 RSI: 0000000000000296 RDI: ffffffff96d4a520 [ 32.464716] RBP: ffff8f6e07714000 R08: ffffffff96d63600 R09: ffffa006422d7728 [ 32.464717] R10: 0000000000000ec0 R11: ffffffff9698c988 R12: ffff8f6e12edb140 [ 32.464719] R13: dead000000000122 R14: dead000000000100 R15: ffff8f6e12edb140 [ 32.464723] FS: 00007f297c2f1740(0000) GS:ffff8f6e5d900000(0000) knlGS:0000000000000000 [ 32.464725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.464726] CR2: 00007f297bf1c800 CR3: 00000000115e8000 CR4: 0000000000350ee0 [ 32.464730] Call Trace: [ 32.464763] <TASK> [ 32.464767] rtnl_dellink+0x13e/0x380 [ 32.464776] ? cred_has_capability.isra.0+0x68/0x100 [ 32.464780] ? __rtnl_unlock+0x33/0x60 [ 32.464783] ? bpf_lsm_capset+0x10/0x10 [ 32.464786] ? security_capable+0x36/0x50 [ 32.464790] rtnetlink_rcv_msg+0x14e/0x3b0 [ 32.464792] ? _copy_to_iter+0xb1/0x790 [ 32.464796] ? post_alloc_hook+0xa0/0x160 [ 32.464799] ? rtnl_calcit.isra.0+0x110/0x110 [ 32.464802] netlink_rcv_skb+0x50/0xf0 [ 32.464806] netlink_unicast+0x216/0x340 [ 32.464809] netlink_sendmsg+0x23f/0x480 [ 32.464812] sock_sendmsg+0x5e/0x60 [ 32.464815] ____sys_sendmsg+0x22c/0x270 [ 32.464818] ? import_iovec+0x17/0x20 [ 32.464821] ? sendmsg_copy_msghdr+0x59/0x90 [ 32.464823] ? do_set_pte+0xa0/0xe0 [ 32.464828] ___sys_sendmsg+0x81/0xc0 [ 32.464832] ? mod_objcg_state+0xc6/0x300 [ 32.464835] ? refill_obj_stock+0xa9/0x160 [ 32.464838] ? memcg_slab_free_hook+0x1a5/0x1f0 [ 32.464842] __sys_sendm ---truncated--- CVE-2023-53103 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53103.html CVE-2023-53103 https://bugzilla.suse.com/1242408 SUSE Bug 1242408 In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example. In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work. When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work. When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows: Fix it by finishing the work before cleanup in ndlc_remove CPU0 CPU1 |llt_ndlc_sm_work st_nci_i2c_remove | ndlc_remove | st_nci_remove | nci_free_device| kfree(ndev) | //free ndlc->ndev | |llt_ndlc_rcv_queue |nci_recv_frame |//use ndlc->ndev CVE-2023-53106 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53106.html CVE-2023-53106 https://bugzilla.suse.com/1242215 SUSE Bug 1242215 In the Linux kernel, the following vulnerability has been resolved: net/iucv: Fix size of interrupt data iucv_irq_data needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in case a CPU is deconfigured. Reported as: BUG dma-kmalloc-64 (Not tainted): kmalloc Redzone overwritten ----------------------------------------------------------------------------- 0x0000000000400564-0x0000000000400567 @offset=1380. First byte 0x80 instead of 0xcc Allocated in iucv_cpu_prepare+0x44/0xd0 age=167839 cpu=2 pid=1 __kmem_cache_alloc_node+0x166/0x450 kmalloc_node_trace+0x3a/0x70 iucv_cpu_prepare+0x44/0xd0 cpuhp_invoke_callback+0x156/0x2f0 cpuhp_issue_call+0xf0/0x298 __cpuhp_setup_state_cpuslocked+0x136/0x338 __cpuhp_setup_state+0xf4/0x288 iucv_init+0xf4/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Freed in iucv_init+0x92/0x280 age=167839 cpu=2 pid=1 __kmem_cache_free+0x308/0x358 iucv_init+0x92/0x280 do_one_initcall+0x78/0x390 do_initcalls+0x11a/0x140 kernel_init_freeable+0x25e/0x2a0 kernel_init+0x2e/0x170 __ret_from_fork+0x3c/0x58 ret_from_fork+0xa/0x40 Slab 0x0000037200010000 objects=32 used=30 fp=0x0000000000400640 flags=0x1ffff00000010200(slab|head|node=0|zone=0| Object 0x0000000000400540 @offset=1344 fp=0x0000000000000000 Redzone 0000000000400500: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400510: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400520: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400530: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Object 0000000000400540: 00 01 00 03 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object 0000000000400550: f3 86 81 f2 f4 82 f8 82 f0 f0 f0 f0 f0 f0 f0 f2 ................ Object 0000000000400560: 00 00 00 00 80 00 00 00 cc cc cc cc cc cc cc cc ................ Object 0000000000400570: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc ................ Redzone 0000000000400580: cc cc cc cc cc cc cc cc ........ Padding 00000000004005d4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005e4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding 00000000004005f4: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ CPU: 6 PID: 121030 Comm: 116-pai-crypto. Not tainted 6.3.0-20230221.rc0.git4.99b8246b2d71.300.fc37.s390x+debug #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<000000032aa034ec>] dump_stack_lvl+0xac/0x100 [<0000000329f5a6cc>] check_bytes_and_report+0x104/0x140 [<0000000329f5aa78>] check_object+0x370/0x3c0 [<0000000329f5ede6>] free_debug_processing+0x15e/0x348 [<0000000329f5f06a>] free_to_partial_list+0x9a/0x2f0 [<0000000329f5f4a4>] __slab_free+0x1e4/0x3a8 [<0000000329f61768>] __kmem_cache_free+0x308/0x358 [<000000032a91465c>] iucv_cpu_dead+0x6c/0x88 [<0000000329c2fc66>] cpuhp_invoke_callback+0x156/0x2f0 [<000000032aa062da>] _cpu_down.constprop.0+0x22a/0x5e0 [<0000000329c3243e>] cpu_device_down+0x4e/0x78 [<000000032a61dee0>] device_offline+0xc8/0x118 [<000000032a61e048>] online_store+0x60/0xe0 [<000000032a08b6b0>] kernfs_fop_write_iter+0x150/0x1e8 [<0000000329fab65c>] vfs_write+0x174/0x360 [<0000000329fab9fc>] ksys_write+0x74/0x100 [<000000032aa03a5a>] __do_syscall+0x1da/0x208 [<000000032aa177b2>] system_call+0x82/0xb0 INFO: lockdep is turned off. FIX dma-kmalloc-64: Restoring kmalloc Redzone 0x0000000000400564-0x0000000000400567=0xcc FIX dma-kmalloc-64: Object at 0x0000000000400540 not freed CVE-2023-53108 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53108.html CVE-2023-53108 https://bugzilla.suse.com/1242422 SUSE Bug 1242422 In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom IP tunnels can apparently update dev->needed_headroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LL_RESERVED_SPACE() and LL_RESERVED_SPACE_EXTRA() helpers. More changes might be needed for completeness. BUG: KCSAN: data-race in ip_tunnel_xmit / ip_tunnel_xmit read to 0xffff88815b9da0ec of 2 bytes by task 888 on cpu 1: ip_tunnel_xmit+0x1270/0x1730 net/ipv4/ip_tunnel.c:803 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/ipv4/ip_output.c:430 dst_output include/net/dst.h:444 [inline] ip_local_out+0x64/0x80 net/ipv4/ip_output.c:126 iptunnel_xmit+0x34a/0x4b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1451/0x1730 net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] ipgre_xmit+0x516/0x570 net/ipv4/ip_gre.c:661 __netdev_start_xmit include/linux/netdevice.h:4881 [inline] netdev_start_xmit include/linux/netdevice.h:4895 [inline] xmit_one net/core/dev.c:3580 [inline] dev_hard_start_xmit+0x127/0x400 net/core/dev.c:3596 __dev_queue_xmit+0x1007/0x1eb0 net/core/dev.c:4246 dev_queue_xmit include/linux/netdevice.h:3051 [inline] neigh_direct_output+0x17/0x20 net/core/neighbour.c:1623 neigh_output include/net/neighbour.h:546 [inline] ip_finish_output2+0x740/0x840 net/ipv4/ip_output.c:228 ip_finish_output+0xf4/0x240 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:291 [inline] ip_output+0xe5/0x1b0 net/i ---truncated--- CVE-2023-53109 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53109.html CVE-2023-53109 https://bugzilla.suse.com/1242405 SUSE Bug 1242405 In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of probe function is skipped including pci_set_drvdata(). Subsequent i40e_shutdown() called during shutdown/reboot dereferences NULL pointer as pci_get_drvdata() returns NULL. To fix call pci_set_drvdata() also during entering to recovery mode. Reproducer: 1) Lets have i40e NIC with firmware in recovery mode 2) Run reboot Result: [ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver [ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation. [ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality. [ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode. [ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0 [ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality. [ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode. [ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a] [ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0 ... [ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2 [ 156.318330] #PF: supervisor write access in kernel mode [ 156.323546] #PF: error_code(0x0002) - not-present page [ 156.328679] PGD 0 P4D 0 [ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1 [ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022 [ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e] [ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 <f0> 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00 [ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282 [ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001 [ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000 [ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40 [ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000 [ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000 [ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000 [ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0 [ 156.438944] PKRU: 55555554 [ 156.441647] Call Trace: [ 156.444096] <TASK> [ 156.446199] pci_device_shutdown+0x38/0x60 [ 156.450297] device_shutdown+0x163/0x210 [ 156.454215] kernel_restart+0x12/0x70 [ 156.457872] __do_sys_reboot+0x1ab/0x230 [ 156.461789] ? vfs_writev+0xa6/0x1a0 [ 156.465362] ? __pfx_file_free_rcu+0x10/0x10 [ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0 [ 156.475034] do_syscall_64+0x3e/0x90 [ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc [ 156.483658] RIP: 0033:0x7fe7bff37ab7 CVE-2023-53114 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53114.html CVE-2023-53114 https://bugzilla.suse.com/1242398 SUSE Bug 1242398 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Call Trace: <IRQ> __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Initialize the field with the pn533_usb_phy currently used. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2023-53119 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53119.html CVE-2023-53119 https://bugzilla.suse.com/1242370 SUSE Bug 1242370 In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(), which will touch per-CPU variables with preemption enabled. This causes the following BUG: BUG: using __this_cpu_add() in preemptible [00000000] code: ThriftIO1/5464 caller is tcp_make_synack+0x841/0xac0 Call Trace: <TASK> dump_stack_lvl+0x10d/0x1a0 check_preemption_disabled+0x104/0x110 tcp_make_synack+0x841/0xac0 tcp_v6_send_synack+0x5c/0x450 tcp_rtx_synack+0xeb/0x1f0 inet_rtx_syn_ack+0x34/0x60 tcp_check_req+0x3af/0x9e0 tcp_rcv_state_process+0x59b/0x2030 tcp_v6_do_rcv+0x5f5/0x700 release_sock+0x3a/0xf0 tcp_sendmsg+0x33/0x40 ____sys_sendmsg+0x2f2/0x490 __sys_sendmsg+0x184/0x230 do_syscall_64+0x3d/0x90 Avoid calling __TCP_INC_STATS() with will touch per-cpu variables. Use TCP_INC_STATS() which is safe to be called from context switch. CVE-2023-53121 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53121.html CVE-2023-53121 https://bugzilla.suse.com/1242225 SUSE Bug 1242225 In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may return NULL. So we need to check the rphy to avoid possible NULL pointer access. If sas_rphy_add() returned with failure, rphy is set to NULL. We would access the rphy in the following lines which would also result NULL pointer access. CVE-2023-53124 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53124.html CVE-2023-53124 https://bugzilla.suse.com/1242165 SUSE Bug 1242165 In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network stack will leak kernel memory contents. CVE-2023-53125 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53125.html CVE-2023-53125 https://bugzilla.suse.com/1242285 SUSE Bug 1242285 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. CVE-2023-53131 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53131.html CVE-2023-53131 https://bugzilla.suse.com/1242377 SUSE Bug 1242377 In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later. CVE-2023-53139 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53139.html CVE-2023-53139 https://bugzilla.suse.com/1242361 SUSE Bug 1242361 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06 ("[SCSI] fix /proc memory leak in the SCSI core"). Fix the following kernel warning: proc_dir_entry 'scsi/scsi_debug' already registered WARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_register+0x27d/0x2e0 Call Trace: proc_mkdir+0xb5/0xe0 scsi_proc_hostdir_add+0xb5/0x170 scsi_host_alloc+0x683/0x6c0 sdebug_driver_probe+0x6b/0x2d0 [scsi_debug] really_probe+0x159/0x540 __driver_probe_device+0xdc/0x230 driver_probe_device+0x4f/0x120 __device_attach_driver+0xef/0x180 bus_for_each_drv+0xe5/0x130 __device_attach+0x127/0x290 device_initial_probe+0x17/0x20 bus_probe_device+0x110/0x130 device_add+0x673/0xc80 device_register+0x1e/0x30 sdebug_add_host_helper+0x1a7/0x3b0 [scsi_debug] scsi_debug_init+0x64f/0x1000 [scsi_debug] do_one_initcall+0xd7/0x470 do_init_module+0xe7/0x330 load_module+0x122a/0x12c0 __do_sys_finit_module+0x124/0x1a0 __x64_sys_finit_module+0x46/0x50 do_syscall_64+0x38/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 CVE-2023-53140 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53140.html CVE-2023-53140 https://bugzilla.suse.com/1242372 SUSE Bug 1242372 In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() ila_xlat_nl_cmd_get_mapping() generates an empty skb, triggerring a recent sanity check [1]. Instead, return an error code, so that user space can get it. [1] skb_assert_len WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline] WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 Modules linked in: CPU: 0 PID: 5923 Comm: syz-executor269 Not tainted 6.2.0-syzkaller-18300-g2ebd1fbb946d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_assert_len include/linux/skbuff.h:2527 [inline] pc : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 lr : skb_assert_len include/linux/skbuff.h:2527 [inline] lr : __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 sp : ffff80001e0d6c40 x29: ffff80001e0d6e60 x28: dfff800000000000 x27: ffff0000c86328c0 x26: dfff800000000000 x25: ffff0000c8632990 x24: ffff0000c8632a00 x23: 0000000000000000 x22: 1fffe000190c6542 x21: ffff0000c8632a10 x20: ffff0000c8632a00 x19: ffff80001856e000 x18: ffff80001e0d5fc0 x17: 0000000000000000 x16: ffff80001235d16c x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001 x11: ff80800008353a30 x10: 0000000000000000 x9 : 21567eaf25bfb600 x8 : 21567eaf25bfb600 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff80001e0d6558 x4 : ffff800015c74760 x3 : ffff800008596744 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000000e Call trace: skb_assert_len include/linux/skbuff.h:2527 [inline] __dev_queue_xmit+0x1bc0/0x3488 net/core/dev.c:4156 dev_queue_xmit include/linux/netdevice.h:3033 [inline] __netlink_deliver_tap_skb net/netlink/af_netlink.c:307 [inline] __netlink_deliver_tap+0x45c/0x6f8 net/netlink/af_netlink.c:325 netlink_deliver_tap+0xf4/0x174 net/netlink/af_netlink.c:338 __netlink_sendskb net/netlink/af_netlink.c:1283 [inline] netlink_sendskb+0x6c/0x154 net/netlink/af_netlink.c:1292 netlink_unicast+0x334/0x8d4 net/netlink/af_netlink.c:1380 nlmsg_unicast include/net/netlink.h:1099 [inline] genlmsg_unicast include/net/genetlink.h:433 [inline] genlmsg_reply include/net/genetlink.h:443 [inline] ila_xlat_nl_cmd_get_mapping+0x620/0x7d0 net/ipv6/ila/ila_xlat.c:493 genl_family_rcv_msg_doit net/netlink/genetlink.c:968 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline] genl_rcv_msg+0x938/0xc1c net/netlink/genetlink.c:1065 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2574 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline] netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1365 netlink_sendmsg+0x800/0xae0 net/netlink/af_netlink.c:1942 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] ____sys_sendmsg+0x558/0x844 net/socket.c:2479 ___sys_sendmsg net/socket.c:2533 [inline] __sys_sendmsg+0x26c/0x33c net/socket.c:2562 __do_sys_sendmsg net/socket.c:2571 [inline] __se_sys_sendmsg net/socket.c:2569 [inline] __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2569 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:193 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591 irq event stamp: 136484 hardirqs last enabled at (136483): [<ffff800008350244>] __up_console_sem+0x60/0xb4 kernel/printk/printk.c:345 hardirqs last disabled at (136484): [<ffff800012358d60>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405 softirqs last enabled at (136418): [<ffff800008020ea8>] softirq_ha ---truncated--- CVE-2023-53141 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53141.html CVE-2023-53141 https://bugzilla.suse.com/1242362 SUSE Bug 1242362 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove. CVE-2023-53145 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2023-53145.html CVE-2023-53145 https://bugzilla.suse.com/1243047 SUSE Bug 1243047 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress") hangs our testing VMs every 10 or so runs, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by lockdep. The problem as previously described by Davide (see Link) is that if we reverse flow of traffic with the redirect (egress -> ingress) we may reach the same socket which generated the packet. And we may still be holding its socket lock. The common solution to such deadlocks is to put the packet in the Rx backlog, rather than run the Rx path inline. Do that for all egress -> ingress reversals, not just once we started to nest mirred calls. In the past there was a concern that the backlog indirection will lead to loss of error reporting / less accurate stats. But the current workaround does not seem to address the issue. CVE-2024-26740 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-26740.html CVE-2024-26740 https://bugzilla.suse.com/1222563 SUSE Bug 1222563 In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191 [..] kasan_report+0xda/0x110 mm/kasan/report.c:588 __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline] ___skb_get_hash net/core/flow_dissector.c:1791 [inline] __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [inline] ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592 ... ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 .. iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 ... The splat occurs because skb->data points past skb->head allocated area. This is because neigh layer does: __skb_pull(skb, skb_network_offset(skb)); ... but skb_network_offset() returns a negative offset and __skb_pull() arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value. The negative value is returned because skb->head and skb->data distance is more than 64k and skb->network_header (u16) has wrapped around. The bug is in the ip_tunnel infrastructure, which can cause dev->needed_headroom to increment ad infinitum. The syzkaller reproducer consists of packets getting routed via a gre tunnel, and route of gre encapsulated packets pointing at another (ipip) tunnel. The ipip encapsulation finds gre0 as next output device. This results in the following pattern: 1). First packet is to be sent out via gre0. Route lookup found an output device, ipip0. 2). ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future output device, rt.dev->needed_headroom (ipip0). 3). ip output / start_xmit moves skb on to ipip0. which runs the same code path again (xmit recursion). 4). Routing step for the post-gre0-encap packet finds gre0 as output device to use for ipip0 encapsulated packet. tunl0->needed_headroom is then incremented based on the (already bumped) gre0 device headroom. This repeats for every future packet: gre0->needed_headroom gets inflated because previous packets' ipip0 step incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0 needed_headroom was increased. For each subsequent packet, gre/ipip0->needed_headroom grows until post-expand-head reallocations result in a skb->head/data distance of more than 64k. Once that happens, skb->network_header (u16) wraps around when pskb_expand_head tries to make sure that skb_network_offset() is unchanged after the headroom expansion/reallocation. After this skb_network_offset(skb) returns a different (and negative) result post headroom expansion. The next trip to neigh layer (or anything else that would __skb_pull the network header) makes skb->data point to a memory location outside skb->head area. v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to prevent perpetual increase instead of dropping the headroom increment completely. CVE-2024-26804 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-26804.html CVE-2024-26804 https://bugzilla.suse.com/1222629 SUSE Bug 1222629 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W [ 82.890906] -------------------------------------------- [ 82.890906] ping/418 is trying to acquire lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] but task is already holding lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] other info that might help us debug this: [ 82.890906] Possible unsafe locking scenario: [ 82.890906] [ 82.890906] CPU0 [ 82.890906] ---- [ 82.890906] lock(&sch->q.lock); [ 82.890906] lock(&sch->q.lock); [ 82.890906] [ 82.890906] *** DEADLOCK *** [ 82.890906] [..... other info removed for brevity....] Example setup (eth0->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 Another example(eth0->eth1->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth1 tc qdisc add dev eth1 root handle 1: htb default 30 tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 We fix this by adding an owner field (CPU id) to struct Qdisc set after root qdisc is entered. When the softirq enters it a second time, if the qdisc owner is the same CPU, the packet is dropped to break the loop. CVE-2024-27010 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-27010.html CVE-2024-27010 https://bugzilla.suse.com/1223720 SUSE Bug 1223720 In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). CVE-2024-45021 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-45021.html CVE-2024-45021 https://bugzilla.suse.com/1230434 SUSE Bug 1230434 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. CVE-2024-46751 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-46751.html CVE-2024-46751 https://bugzilla.suse.com/1230786 SUSE Bug 1230786 In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory). CVE-2024-46752 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-46752.html CVE-2024-46752 https://bugzilla.suse.com/1230794 SUSE Bug 1230794 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has expired and needs to be revoked so it marks the delegation stid revoked and it puts it on a reaper list but then it unlock the state lock and the actual delegation revocation happens without the lock. Once the stid is marked revoked a racing free_stateid processing thread does the following (1) it calls list_del_init() which removes it from the reaper list and (2) frees the delegation stid structure. The laundromat thread ends up not calling the revoke_delegation() function for this particular delegation but that means it will no release the lock lease that exists on the file. Now, a new open for this file comes in and ends up finding that lease list isn't empty and calls nfsd_breaker_owns_lease() which ends up trying to derefence a freed delegation stateid. Leading to the followint use-after-free KASAN warning: kernel: ================================================================== kernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205 kernel: kernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9 kernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024 kernel: Call trace: kernel: dump_backtrace+0x98/0x120 kernel: show_stack+0x1c/0x30 kernel: dump_stack_lvl+0x80/0xe8 kernel: print_address_description.constprop.0+0x84/0x390 kernel: print_report+0xa4/0x268 kernel: kasan_report+0xb4/0xf8 kernel: __asan_report_load8_noabort+0x1c/0x28 kernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd] kernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd] kernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd] kernel: nfs4_get_vfs_file+0x634/0x958 [nfsd] kernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd] kernel: nfsd4_open+0xa08/0xe80 [nfsd] kernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd] kernel: nfsd_dispatch+0x22c/0x718 [nfsd] kernel: svc_process_common+0x8e8/0x1960 [sunrpc] kernel: svc_process+0x3d4/0x7e0 [sunrpc] kernel: svc_handle_xprt+0x828/0xe10 [sunrpc] kernel: svc_recv+0x2cc/0x6a8 [sunrpc] kernel: nfsd+0x270/0x400 [nfsd] kernel: kthread+0x288/0x310 kernel: ret_from_fork+0x10/0x20 This patch proposes a fixed that's based on adding 2 new additional stid's sc_status values that help coordinate between the laundromat and other operations (nfsd4_free_stateid() and nfsd4_delegreturn()). First to make sure, that once the stid is marked revoked, it is not removed by the nfsd4_free_stateid(), the laundromat take a reference on the stateid. Then, coordinating whether the stid has been put on the cl_revoked list or we are processing FREE_STATEID and need to make sure to remove it from the list, each check that state and act accordingly. If laundromat has added to the cl_revoke list before the arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove it from the list. If nfsd4_free_stateid() finds that operations arrived before laundromat has placed it on cl_revoke list, it marks the state freed and then laundromat will no longer add it to the list. Also, for nfsd4_delegreturn() when looking for the specified stid, we need to access stid that are marked removed or freeable, it means the laundromat has started processing it but hasn't finished and this delegreturn needs to return nfserr_deleg_revoked and not nfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the lack of it will leave this stid on the cl_revoked list indefinitely. CVE-2024-50106 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-50106.html CVE-2024-50106 https://bugzilla.suse.com/1232882 SUSE Bug 1232882 In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: <IRQ> dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242 RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000 R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0 default_idle_call+0x6b/0xa0 cpuidle_idle_call+0x1af/0x1f0 do_idle+0xbc/0x130 cpu_startup_entry+0x33/0x40 rest_init+0x11f/0x210 start_kernel+0x39a/0x420 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x97/0xa0 common_startup_64+0x13e/0x141 </TASK> Allocated by task 595: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x87/0x90 kmem_cache_alloc_noprof+0x12b/0x3f0 copy_net_ns+0x94/0x380 create_new_namespaces+0x24c/0x500 unshare_nsproxy_namespaces+0x75/0xf0 ksys_unshare+0x24e/0x4f0 __x64_sys_unshare+0x1f/0x30 do_syscall_64+0x70/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 100: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x54/0x70 kmem_cache_free+0x156/0x5d0 cleanup_net+0x5d3/0x670 process_one_work+0x776/0xa90 worker_thread+0x2e2/0x560 kthread+0x1a8/0x1f0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Reproduction script: mkdir -p /mnt/nfsshare mkdir -p /mnt/nfs/netns_1 mkfs.ext4 /dev/sdb mount /dev/sdb /mnt/nfsshare systemctl restart nfs-server chmod 777 /mnt/nfsshare exportfs -i -o rw,no_root_squash *:/mnt/nfsshare ip netns add netns_1 ip link add name veth_1_peer type veth peer veth_1 ifconfig veth_1_peer 11.11.0.254 up ip link set veth_1 netns netns_1 ip netns exec netns_1 ifconfig veth_1 11.11.0.1 ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \ --tcp-flags FIN FIN -j DROP (note: In my environment, a DESTROY_CLIENTID operation is always sent immediately, breaking the nfs tcp connection.) ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \ 11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1 ip netns del netns_1 The reason here is that the tcp socket in netns_1 (nfs side) has been shutdown and closed (done in xs_destroy), but the FIN message (with ack) is discarded, and the nfsd side keeps sending retransmission messages. As a result, when the tcp sock in netns_1 processes the received message, it sends the message (FIN message) in the sending queue, and the tcp timer is re-established. When the network namespace is deleted, the net structure accessed by tcp's timer handler function causes problems. To fix this problem, let's hold netns refcnt for the tcp kernel socket as done in other modules. This is an ugly hack which can easily be backported to earlier kernels. A proper fix which cleans up the interfaces will follow, but may not be so easy to backport. CVE-2024-53168 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-53168.html CVE-2024-53168 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1243650 SUSE Bug 1243650 In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Potential problems with this strategy are as follows: - If the actual sent bytes are smaller than tosend, we need to charge some bytes back, as in line 487, which is okay but seems not clean. - When tosend is set to apply_bytes, as in line 417, and (ret < 0), we may miss uncharging (msg->sg.size - apply_bytes) bytes. [...] 415 tosend = msg->sg.size; 416 if (psock->apply_bytes && psock->apply_bytes < tosend) 417 tosend = psock->apply_bytes; [...] 443 sk_msg_return(sk, msg, tosend); 444 release_sock(sk); 446 origsize = msg->sg.size; 447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress, 448 msg, tosend, flags); 449 sent = origsize - msg->sg.size; [...] 454 lock_sock(sk); 455 if (unlikely(ret < 0)) { 456 int free = sk_msg_free_nocharge(sk, msg); 458 if (!cork) 459 *copied -= free; 460 } [...] 487 if (eval == __SK_REDIRECT) 488 sk_mem_charge(sk, tosend - sent); [...] When running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply, the following warning will be reported: ------------[ cut here ]------------ WARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0 Modules linked in: CPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: events sk_psock_destroy RIP: 0010:inet_sock_destruct+0x190/0x1a0 RSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206 RAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800 RDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900 RBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0 R10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400 R13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100 FS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __warn+0x89/0x130 ? inet_sock_destruct+0x190/0x1a0 ? report_bug+0xfc/0x1e0 ? handle_bug+0x5c/0xa0 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x190/0x1a0 __sk_destruct+0x25/0x220 sk_psock_destroy+0x2b2/0x310 process_scheduled_works+0xa3/0x3e0 worker_thread+0x117/0x240 ? __pfx_worker_thread+0x10/0x10 kthread+0xcf/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- In __SK_REDIRECT, a more concise way is delaying the uncharging after sent bytes are finalized, and uncharge this value. When (ret < 0), we shall invoke sk_msg_free. Same thing happens in case __SK_DROP, when tosend is set to apply_bytes, we may miss uncharging (msg->sg.size - apply_bytes) bytes. The same warning will be reported in selftest. [...] 468 case __SK_DROP: 469 default: 470 sk_msg_free_partial(sk, msg, tosend); 471 sk_msg_apply_bytes(psock, tosend); 472 *copied -= (tosend + delta); 473 return -EACCES; [...] So instead of sk_msg_free_partial we can do sk_msg_free here. CVE-2024-56633 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-56633.html CVE-2024-56633 https://bugzilla.suse.com/1235485 SUSE Bug 1235485 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server. NFS CLIENT thread1 thread2 open("file") ... nfs4_do_open _nfs4_do_open _nfs4_open_and_get_state _nfs4_proc_open nfs4_run_open_task /* rpc_task1 */ rpc_run_task rpc_wait_for_completion_task umount -f nfs_umount_begin rpc_killall_tasks rpc_signal_task rpc_task1 been wakeup and return -512 _nfs4_do_open // while loop ... nfs4_run_open_task /* rpc_task2 */ rpc_run_task rpc_wait_for_completion_task While processing an open request, nfsd will first attempt to find or allocate an nfs4_openowner. If it finds an nfs4_openowner that is not marked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since two rpc_task can attempt to open the same file simultaneously from the client to server, and because two instances of nfsd can run concurrently, this situation can lead to lots of memory leak. Additionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be triggered. NFS SERVER nfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // alloc oo1, stateid1 nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // find oo1, without NFS4_OO_CONFIRMED release_openowner unhash_openowner_locked list_del_init(&oo->oo_perclient) // cannot find this oo // from client, LEAK!!! alloc_stateowner // alloc oo2 nfsd4_process_open2 init_open_stateid // associate oo1 // with stateid1, stateid1 LEAK!!! nfs4_get_vfs_file // alloc nfsd_file1 and nfsd_file_mark1 // all LEAK!!! nfsd4_process_open2 ... write_threads ... nfsd_destroy_serv nfsd_shutdown_net nfs4_state_shutdown_net nfs4_state_destroy_net destroy_client __destroy_client // won't find oo1!!! nfsd_shutdown_generic nfsd_file_cache_shutdown kmem_cache_destroy for nfsd_file_slab and nfsd_file_mark_slab // bark since nfsd_file1 // and nfsd_file_mark1 // still alive ======================================================================= BUG nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown() ----------------------------------------------------------------------- Slab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28 flags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff) CPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dum ---truncated--- CVE-2024-56779 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2024-56779.html CVE-2024-56779 https://bugzilla.suse.com/1235632 SUSE Bug 1235632 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns. CVE-2025-21648 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-21648.html CVE-2025-21648 https://bugzilla.suse.com/1236142 SUSE Bug 1236142 In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueue new packet and increase scheduler's qlen by one. Finally, pfifo_tail_enqueue() return `NET_XMIT_CN` status code. Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a scheduler that has no packet, the 'drop a packet' step will do nothing. This means the scheduler's qlen still has value equal 0. Then, we continue to enqueue new packet and increase scheduler's qlen by one. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by one and return `NET_XMIT_CN` status code. The problem is: Let's say we have two qdiscs: Qdisc_A and Qdisc_B. - Qdisc_A's type must have '->graft()' function to create parent/child relationship. Let's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`. - Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`. - Qdisc_B is configured to have `sch->limit == 0`. - Qdisc_A is configured to route the enqueued's packet to Qdisc_B. Enqueue packet through Qdisc_A will lead to: - hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B) - Qdisc_B->q.qlen += 1 - pfifo_tail_enqueue() return `NET_XMIT_CN` - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A. The whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1. Replace 'hfsc' with other type (for example: 'drr') still lead to the same problem. This violate the design where parent's qlen should equal to the sum of its childrens'qlen. Bug impact: This issue can be used for user->kernel privilege escalation when it is reachable. CVE-2025-21702 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-21702.html CVE-2025-21702 https://bugzilla.suse.com/1237312 SUSE Bug 1237312 In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification instead of reading lengths from memory outside the received data, which can lead to memory corruption when the expected_size decreases between fragments, causing `expected_size - acm->nb_index` to wrap. This issue has been present since the beginning of git history; however, it only leads to memory corruption since commit ea2583529cd1 ("cdc-acm: reassemble fragmented notifications"). A mitigating factor is that acm_ctrl_irq() can only execute after userspace has opened /dev/ttyACM*; but if ModemManager is running, ModemManager will do that automatically depending on the USB device's vendor/product IDs and its other interfaces. CVE-2025-21704 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-21704.html CVE-2025-21704 https://bugzilla.suse.com/1237571 SUSE Bug 1237571 In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inline] BUG: KMSAN: uninit-value in string+0x3ec/0x5f0 lib/vsprintf.c:714 string_nocheck lib/vsprintf.c:633 [inline] string+0x3ec/0x5f0 lib/vsprintf.c:714 vsnprintf+0xa5d/0x1960 lib/vsprintf.c:2843 __request_module+0x252/0x9f0 kernel/module/kmod.c:149 team_mode_get drivers/net/team/team_core.c:480 [inline] team_change_mode drivers/net/team/team_core.c:607 [inline] team_mode_option_set+0x437/0x970 drivers/net/team/team_core.c:1401 team_option_set drivers/net/team/team_core.c:375 [inline] team_nl_options_set_doit+0x1339/0x1f90 drivers/net/team/team_core.c:2662 genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] genl_rcv_msg+0x1214/0x12c0 net/netlink/genetlink.c:1210 netlink_rcv_skb+0x375/0x650 net/netlink/af_netlink.c:2543 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1219 netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline] netlink_unicast+0xf52/0x1260 net/netlink/af_netlink.c:1348 netlink_sendmsg+0x10da/0x11e0 net/netlink/af_netlink.c:1892 sock_sendmsg_nosec net/socket.c:718 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:733 ____sys_sendmsg+0x877/0xb60 net/socket.c:2573 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2627 __sys_sendmsg net/socket.c:2659 [inline] __do_sys_sendmsg net/socket.c:2664 [inline] __se_sys_sendmsg net/socket.c:2662 [inline] __x64_sys_sendmsg+0x212/0x3c0 net/socket.c:2662 x64_sys_call+0x2ed6/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f CVE-2025-21787 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-21787.html CVE-2025-21787 https://bugzilla.suse.com/1238774 SUSE Bug 1238774 In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptp_s390.c, ptp_vclock.c and ptp_mock.c. Instead use a dummy callback if no better was specified by the driver. CVE-2025-21814 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-21814.html CVE-2025-21814 https://bugzilla.suse.com/1238473 SUSE Bug 1238473 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper layer. Add hci dev lock to the hci receive data work queue to synchronize the two. [1] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 Read of size 8 at addr ffff8880271a4000 by task kworker/u9:2/5837 CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.13.0-rc5-syzkaller-00163-gab75170520d4 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: hci1 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 l2cap_build_cmd net/bluetooth/l2cap_core.c:2964 [inline] l2cap_send_cmd+0x187/0x8d0 net/bluetooth/l2cap_core.c:954 l2cap_sig_send_rej net/bluetooth/l2cap_core.c:5502 [inline] l2cap_sig_channel net/bluetooth/l2cap_core.c:5538 [inline] l2cap_recv_frame+0x221f/0x10db0 net/bluetooth/l2cap_core.c:6817 hci_acldata_packet net/bluetooth/hci_core.c:3797 [inline] hci_rx_work+0x508/0xdb0 net/bluetooth/hci_core.c:4040 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 5837: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329 kmalloc_noprof include/linux/slab.h:901 [inline] kzalloc_noprof include/linux/slab.h:1037 [inline] l2cap_conn_add+0xa9/0x8e0 net/bluetooth/l2cap_core.c:6860 l2cap_connect_cfm+0x115/0x1090 net/bluetooth/l2cap_core.c:7239 hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline] hci_remote_features_evt+0x68e/0xac0 net/bluetooth/hci_event.c:3726 hci_event_func net/bluetooth/hci_event.c:7473 [inline] hci_event_packet+0xac2/0x1540 net/bluetooth/hci_event.c:7525 hci_rx_work+0x3f3/0xdb0 net/bluetooth/hci_core.c:4035 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 54: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2353 [inline] slab_free mm/slub.c:4613 [inline] kfree+0x196/0x430 mm/slub.c:4761 l2cap_connect_cfm+0xcc/0x1090 net/bluetooth/l2cap_core.c:7235 hci_connect_cfm include/net/bluetooth/hci_core.h:2057 [inline] hci_conn_failed+0x287/0x400 net/bluetooth/hci_conn.c:1266 hci_abort_conn_sync+0x56c/0x11f0 net/bluetooth/hci_sync.c:5603 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr ---truncated--- CVE-2025-21969 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-21969.html CVE-2025-21969 https://bugzilla.suse.com/1240784 SUSE Bug 1240784 In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match() can correctly check whether the socket was transparent. However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this conntrack lookup, making xt_socket fail to match on the socket when the packet was SNATed. Add the same logic to nf_sk_lookup_slow_v6. IPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as pods' addresses are in the fd00::/8 ULA subnet and need to be replaced with the node's external address. Cilium leverages Envoy to enforce L7 policies, and Envoy uses transparent sockets. Cilium inserts an iptables prerouting rule that matches on `-m socket --transparent` and redirects the packets to localhost, but it fails to match SNATed IPv6 packets due to that missing conntrack lookup. CVE-2025-22021 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22021.html CVE-2025-22021 https://bugzilla.suse.com/1241282 SUSE Bug 1241282 In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference count of dl_stid will be decremented through the callback function nfsd4_cb_recall_release. However, if the call to nfsd4_run_cb fails, the incremented reference count of dl_stid will not be decremented correspondingly, leading to the following nfs4_stid leak: unreferenced object 0xffff88812067b578 (size 344): comm "nfsd", pid 2761, jiffies 4295044002 (age 5541.241s) hex dump (first 32 bytes): 01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff ....kkkk........ 00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de .kkkkkkk.....N.. backtrace: kmem_cache_alloc+0x4b9/0x700 nfsd4_process_open1+0x34/0x300 nfsd4_open+0x2d1/0x9d0 nfsd4_proc_compound+0x7a2/0xe30 nfsd_dispatch+0x241/0x3e0 svc_process_common+0x5d3/0xcc0 svc_process+0x2a3/0x320 nfsd+0x180/0x2e0 kthread+0x199/0x1d0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 unreferenced object 0xffff8881499f4d28 (size 368): comm "nfsd", pid 2761, jiffies 4295044005 (age 5541.239s) hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff ........0M.I.... 30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00 0M.I.... ....... backtrace: kmem_cache_alloc+0x4b9/0x700 nfs4_alloc_stid+0x29/0x210 alloc_init_deleg+0x92/0x2e0 nfs4_set_delegation+0x284/0xc00 nfs4_open_delegation+0x216/0x3f0 nfsd4_process_open2+0x2b3/0xee0 nfsd4_open+0x770/0x9d0 nfsd4_proc_compound+0x7a2/0xe30 nfsd_dispatch+0x241/0x3e0 svc_process_common+0x5d3/0xcc0 svc_process+0x2a3/0x320 nfsd+0x180/0x2e0 kthread+0x199/0x1d0 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1b/0x30 Fix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if fail to queue dl_recall. CVE-2025-22025 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22025.html CVE-2025-22025 https://bugzilla.suse.com/1241361 SUSE Bug 1241361 In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer dereference of dev->raw pointer, even though it is checked for NULL in the same function, which means there is a race condition. It occurs due to the incorrect order of actions in the streamzap_disconnect() function: rc_unregister_device() is called before usb_kill_urb(). The dev->raw pointer is freed and set to NULL in rc_unregister_device(), and only after that usb_kill_urb() waits for in-progress requests to finish. If rc_unregister_device() is called while streamzap_callback() handler is not finished, this can lead to accessing freed resources. Thus rc_unregister_device() should be called after usb_kill_urb(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-22027 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22027.html CVE-2025-22027 https://bugzilla.suse.com/1241369 SUSE Bug 1241369 In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This inconsistency creates a race condition where: A URB request may succeed, but the corresponding SKB data fails to be queued. Subsequent processes: (e.g., rx_complete → defer_bh → __skb_unlink(skb, list)) attempt to access skb->next, triggering a NULL pointer dereference (Kernel Panic). CVE-2025-22050 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22050.html CVE-2025-22050 https://bugzilla.suse.com/1241441 SUSE Bug 1241441 In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc/net/sockstat reports 0 pages # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 0 2. Run the script till the report reaches 524,288 # python3 test.py & sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT 3. Kill the socket and confirm the number never drops # pkill python3 && sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 524288 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain() # python3 test.py & sleep 1 && pkill python3 5. The number doubles # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 1048577 The application set INT_MAX to SO_RCVBUF, which triggered an integer overflow in udp_rmem_release(). When a socket is close()d, udp_destruct_common() purges its receive queue and sums up skb->truesize in the queue. This total is calculated and stored in a local unsigned integer variable. The total size is then passed to udp_rmem_release() to adjust memory accounting. However, because the function takes a signed integer argument, the total size can wrap around, causing an overflow. Then, the released amount is calculated as follows: 1) Add size to sk->sk_forward_alloc. 2) Round down sk->sk_forward_alloc to the nearest lower multiple of PAGE_SIZE and assign it to amount. 3) Subtract amount from sk->sk_forward_alloc. 4) Pass amount >> PAGE_SHIFT to __sk_mem_reduce_allocated(). When the issue occurred, the total in udp_destruct_common() was 2147484480 (INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release(). At 1) sk->sk_forward_alloc is changed from 3264 to -2147479552, and 2) sets -2147479552 to amount. 3) reverts the wraparound, so we don't see a warning in inet_sock_destruct(). However, udp_memory_allocated ends up doubling at 4). Since commit 3cd3399dd7a8 ("net: implement per-cpu reserves for memory_allocated"), memory usage no longer doubles immediately after a socket is close()d because __sk_mem_reduce_allocated() caches the amount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP socket receives a packet, the subtraction takes effect, causing UDP memory usage to double. This issue makes further memory allocation fail once the socket's sk->sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet drops. To prevent this issue, let's use unsigned int for the calculation and call sk_forward_alloc_add() only once for the small delta. Note that first_packet_length() also potentially has the same problem. [0]: from socket import * SO_RCVBUFFORCE = 33 INT_MAX = (2 ** 31) - 1 s = socket(AF_INET, SOCK_DGRAM) s.bind(('', 0)) s.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX) c = socket(AF_INET, SOCK_DGRAM) c.connect(s.getsockname()) data = b'a' * 100 while True: c.send(data) CVE-2025-22058 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22058.html CVE-2025-22058 https://bugzilla.suse.com/1241332 SUSE Bug 1241332 In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an index register that selects the row to read or write to. This means that operations must be atomic in order to, e.g., avoid spreading writes across multiple rows. Since the shadow SRAM array is used to find free rows in the hardware table, it must also be protected in order to avoid TOCTOU errors where multiple cores allocate the same row. This issue was detected in a situation where `mvpp2_set_rx_mode()` ran concurrently on two CPUs. In this particular case the MVPP2_PE_MAC_UC_PROMISCUOUS entry was corrupted, causing the classifier unit to drop all incoming unicast - indicated by the `rx_classifier_drops` counter. CVE-2025-22060 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22060.html CVE-2025-22060 https://bugzilla.suse.com/1241526 SUSE Bug 1241526 In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect function is called with an IPv6 address, the function calipso_sock_setattr() is triggered. Inside this function, the following code is executed: sk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL; Since sk is an IPv4 socket, pinet6 is NULL, leading to a null pointer dereference. This patch fixes the issue by checking if inet6_sk(sk) returns a NULL pointer before accessing pinet6. CVE-2025-22063 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22063.html CVE-2025-22063 https://bugzilla.suse.com/1241351 SUSE Bug 1241351 In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Use kernel helpers for hex dumps Previously, when the driver was printing hex dumps, the buffer was cast to an 8 byte long and printed using string formatters. If the buffer size was not a multiple of 8 then a read buffer overflow was possible. Therefore, create a new ibmvnic function that loops over a buffer and calls hex_dump_to_buffer instead. This patch address KASAN reports like the one below: ibmvnic 30000003 env3: Login Buffer: ibmvnic 30000003 env3: 01000000af000000 <...> ibmvnic 30000003 env3: 2e6d62692e736261 ibmvnic 30000003 env3: 65050003006d6f63 ================================================================== BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic] Read of size 8 at addr c0000001331a9aa8 by task ip/17681 <...> Allocated by task 17681: <...> ibmvnic_login+0x2f0/0xffc [ibmvnic] ibmvnic_open+0x148/0x308 [ibmvnic] __dev_open+0x1ac/0x304 <...> The buggy address is located 168 bytes inside of allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf) <...> ================================================================= ibmvnic 30000003 env3: 000000000033766e CVE-2025-22104 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-22104.html CVE-2025-22104 https://bugzilla.suse.com/1241550 SUSE Bug 1241550 In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in int3402_thermal_probe(). Note, under the same directory, int3400_thermal_probe() has such a check. [ rjw: Subject edit, added Fixes: ] CVE-2025-23136 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-23136.html CVE-2025-23136 https://bugzilla.suse.com/1241357 SUSE Bug 1241357 In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 Write of size 251 at addr ffff888074572f14 by task syz-executor335/5847 CPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109 add_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154 make_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455 ext4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796 ext4_symlink+0x920/0xb50 fs/ext4/namei.c:3431 vfs_symlink+0x137/0x2e0 fs/namei.c:4615 do_symlinkat+0x222/0x3a0 fs/namei.c:4641 __do_sys_symlink fs/namei.c:4662 [inline] __se_sys_symlink fs/namei.c:4660 [inline] __x64_sys_symlink+0x7a/0x90 fs/namei.c:4660 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> The following loop is located right above 'if' statement. for (i = count-1; i >= 0; i--) { /* is more than half of this entry in 2nd half of the block? */ if (size + map[i].size/2 > blocksize/2) break; size += map[i].size; move++; } 'i' in this case could go down to -1, in which case sum of active entries wouldn't exceed half the block size, but previous behaviour would also do split in half if sum would exceed at the very last block, which in case of having too many long name files in a single block could lead to out-of-bounds access and following use-after-free. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2025-23150 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-23150.html CVE-2025-23150 https://bugzilla.suse.com/1242513 SUSE Bug 1242513 In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as the pci_lock. Make vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with interrupts disabled. This was reported as: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 Call Trace: rt_spin_lock+0x4e/0x130 vmd_pci_read+0x8d/0x100 [vmd] pci_user_read_config_byte+0x6f/0xe0 pci_read_config+0xfe/0x290 sysfs_kf_bin_read+0x68/0x90 [bigeasy: reword commit message] Tested-off-by: Luis Claudio R. Goncalves <lgoncalv@redhat.com> [kwilczynski: commit log] [bhelgaas: add back report info from https://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/] CVE-2025-23161 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-23161.html CVE-2025-23161 https://bugzilla.suse.com/1242792 SUSE Bug 1242792 In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0xffff8880371cdb96 } from the skb struct (trimmed) tail = 0x16, end = 0x140, head = 0xffff88803346f400 "4", data = 0xffff88803346f416 ":\377", truesize = 0x380, len = 0x0, data_len = 0x0, mac_len = 0xe, hdr_len = 0x0, it is not safe to access data[2]. [pabeni@redhat.com: fixed subj typo] CVE-2025-37749 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37749.html CVE-2025-37749 https://bugzilla.suse.com/1242859 SUSE Bug 1242859 In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the check at the end of the configuration update process to also catch scenarios where the limit is indirectly updated, for example with the following configurations: tc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1 tc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1 This fixes the following syzkaller reported crash: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6 index 65535 is out of range for type 'struct sfq_head[128]' CPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429 sfq_link net/sched/sch_sfq.c:203 [inline] sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231 sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493 sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518 qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035 tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339 qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035 dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311 netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline] dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375 CVE-2025-37752 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37752.html CVE-2025-37752 https://bugzilla.suse.com/1242504 SUSE Bug 1242504 In the Linux kernel, the following vulnerability has been resolved: isofs: Prevent the use of too small fid syzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1] The handle_bytes value passed in by the reproducing program is equal to 12. In handle_to_path(), only 12 bytes of memory are allocated for the structure file_handle->f_handle member, which causes an out-of-bounds access when accessing the member parent_block of the structure isofs_fid in isofs, because accessing parent_block requires at least 16 bytes of f_handle. Here, fh_len is used to indirectly confirm that the value of handle_bytes is greater than 3 before accessing parent_block. [1] BUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183 Read of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466 CPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0x198/0x550 mm/kasan/report.c:521 kasan_report+0xd8/0x138 mm/kasan/report.c:634 __asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380 isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183 exportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523 do_handle_to_path+0xa0/0x198 fs/fhandle.c:257 handle_to_path fs/fhandle.c:385 [inline] do_handle_open+0x8cc/0xb8c fs/fhandle.c:403 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline] __se_sys_open_by_handle_at fs/fhandle.c:434 [inline] __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 Allocated by task 6466: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4294 [inline] __kmalloc_noprof+0x32c/0x54c mm/slub.c:4306 kmalloc_noprof include/linux/slab.h:905 [inline] handle_to_path fs/fhandle.c:357 [inline] do_handle_open+0x5a4/0xb8c fs/fhandle.c:403 __do_sys_open_by_handle_at fs/fhandle.c:443 [inline] __se_sys_open_by_handle_at fs/fhandle.c:434 [inline] __arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600 CVE-2025-37780 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37780.html CVE-2025-37780 https://bugzilla.suse.com/1242786 SUSE Bug 1242786 In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Syzbot reported an issue in hfs subsystem: BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106 memcpy_from_page include/linux/highmem.h:423 [inline] hfs_bnode_read fs/hfs/bnode.c:35 [inline] hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70 hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159 hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118 hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232 vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257 do_mkdirat+0x264/0x3a0 fs/namei.c:4280 __do_sys_mkdir fs/namei.c:4300 [inline] __se_sys_mkdir fs/namei.c:4298 [inline] __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fbdd6057a99 Add a check for key length in hfs_bnode_read_key to prevent out-of-bounds memory access. If the key length is invalid, the key buffer is cleared, improving stability and reliability. CVE-2025-37782 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37782.html CVE-2025-37782 https://bugzilla.suse.com/1242770 SUSE Bug 1242770 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. CVE-2025-37789 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37789.html CVE-2025-37789 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Purge vif txq in ieee80211_do_stop() After ieee80211_do_stop() SKB from vif's txq could still be processed. Indeed another concurrent vif schedule_and_wake_txq call could cause those packets to be dequeued (see ieee80211_handle_wake_tx_queue()) without checking the sdata current state. Because vif.drv_priv is now cleared in this function, this could lead to driver crash. For example in ath12k, ahvif is store in vif.drv_priv. Thus if ath12k_mac_op_tx() is called after ieee80211_do_stop(), ahvif->ah can be NULL, leading the ath12k_warn(ahvif->ah,...) call in this function to trigger the NULL deref below. Unable to handle kernel paging request at virtual address dfffffc000000001 KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] batman_adv: bat0: Interface deactivated: brbh1337 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [dfffffc000000001] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] SMP CPU: 1 UID: 0 PID: 978 Comm: lbd Not tainted 6.13.0-g633f875b8f1e #114 Hardware name: HW (DT) pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] lr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k] sp : ffffffc086ace450 x29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4 x26: ffffff801d05f7c0 x25: 0000000000000000 x24: 000000004000001e x23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0 x20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958 x17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8 x14: ffffff801d05f83c x13: 0000000000000000 x12: ffffffb003a0bf03 x11: 0000000000000000 x10: ffffffb003a0bf02 x9 : ffffff8034a19f40 x8 : ffffff801d05f818 x7 : 1ffffff0069433dc x6 : ffffff8034a19ee0 x5 : ffffff801d05f7f0 x4 : 0000000000000000 x3 : 0000000000000001 x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000008 Call trace: ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P) ieee80211_handle_wake_tx_queue+0x16c/0x260 ieee80211_queue_skb+0xeec/0x1d20 ieee80211_tx+0x200/0x2c8 ieee80211_xmit+0x22c/0x338 __ieee80211_subif_start_xmit+0x7e8/0xc60 ieee80211_subif_start_xmit+0xc4/0xee0 __ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0 ieee80211_subif_start_xmit_8023+0x124/0x488 dev_hard_start_xmit+0x160/0x5a8 __dev_queue_xmit+0x6f8/0x3120 br_dev_queue_push_xmit+0x120/0x4a8 __br_forward+0xe4/0x2b0 deliver_clone+0x5c/0xd0 br_flood+0x398/0x580 br_dev_xmit+0x454/0x9f8 dev_hard_start_xmit+0x160/0x5a8 __dev_queue_xmit+0x6f8/0x3120 ip6_finish_output2+0xc28/0x1b60 __ip6_finish_output+0x38c/0x638 ip6_output+0x1b4/0x338 ip6_local_out+0x7c/0xa8 ip6_send_skb+0x7c/0x1b0 ip6_push_pending_frames+0x94/0xd0 rawv6_sendmsg+0x1a98/0x2898 inet_sendmsg+0x94/0xe0 __sys_sendto+0x1e4/0x308 __arm64_sys_sendto+0xc4/0x140 do_el0_svc+0x110/0x280 el0_svc+0x20/0x60 el0t_64_sync_handler+0x104/0x138 el0t_64_sync+0x154/0x158 To avoid that, empty vif's txq at ieee80211_do_stop() so no packet could be dequeued after ieee80211_do_stop() (new packets cannot be queued because SDATA_STATE_RUNNING is cleared at this point). CVE-2025-37794 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37794.html CVE-2025-37794 https://bugzilla.suse.com/1242566 SUSE Bug 1242566 In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field of the freed object to put the USB device. This may also lead to a memory leak of the usb device. Fix this by using udev from interface. CVE-2025-37796 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37796.html CVE-2025-37796 https://bugzilla.suse.com/1242727 SUSE Bug 1242727 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied. CVE-2025-37797 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37797.html CVE-2025-37797 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue(). CVE-2025-37798 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37798.html CVE-2025-37798 https://bugzilla.suse.com/1242414 SUSE Bug 1242414 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. CVE-2025-37823 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37823.html CVE-2025-37823 https://bugzilla.suse.com/1242924 SUSE Bug 1242924 In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc systems. Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to work around a bug in the hardware or firmware. For each vector entry in the msix table, niu chips will cause a fatal trap if any registers in that entry are read before that entries' ENTRY_DATA register is written to. Testing indicates writes to other registers are not sufficient to prevent the fatal trap, however the value does not appear to matter. This only needs to happen once after power up, so simply rebooting into a kernel lacking this fix will NOT cause the trap. NON-RESUMABLE ERROR: Reporting on cpu 64 NON-RESUMABLE ERROR: TPC [0x00000000005f6900] <msix_prepare_msi_desc+0x90/0xa0> NON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff NON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000] NON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff] NON-RESUMABLE ERROR: type [precise nonresumable] NON-RESUMABLE ERROR: attrs [0x02000080] < ASI sp-faulted priv > NON-RESUMABLE ERROR: raddr [0xffffffffffffffff] NON-RESUMABLE ERROR: insn effective address [0x000000c50020000c] NON-RESUMABLE ERROR: size [0x8] NON-RESUMABLE ERROR: asi [0x00] CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63 Workqueue: events work_for_cpu_fn TSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted TPC: <msix_prepare_msi_desc+0x90/0xa0> g0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100 g4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000 o0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620 o4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128 RPC: <__pci_enable_msix_range+0x3cc/0x460> l0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020 l4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734 i0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d i4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0 I7: <niu_try_msix.constprop.0+0xc0/0x130 [niu]> Call Trace: [<00000000101888b0>] niu_try_msix.constprop.0+0xc0/0x130 [niu] [<000000001018f840>] niu_get_invariants+0x183c/0x207c [niu] [<00000000101902fc>] niu_pci_init_one+0x27c/0x2fc [niu] [<00000000005ef3e4>] local_pci_probe+0x28/0x74 [<0000000000469240>] work_for_cpu_fn+0x8/0x1c [<000000000046b008>] process_scheduled_works+0x144/0x210 [<000000000046b518>] worker_thread+0x13c/0x1c0 [<00000000004710e0>] kthread+0xb8/0xc8 [<00000000004060c8>] ret_from_fork+0x1c/0x2c [<0000000000000000>] 0x0 Kernel panic - not syncing: Non-resumable error. CVE-2025-37833 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37833.html CVE-2025-37833 https://bugzilla.suse.com/1242868 SUSE Bug 1242868 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() Add error handling to propagate amdgpu_cgs_create_device() failures to the caller. When amdgpu_cgs_create_device() fails, release hwmgr and return -ENOMEM to prevent null pointer dereference. [v1]->[v2]: Change error code from -EINVAL to -ENOMEM. Free hwmgr. CVE-2025-37852 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37852.html CVE-2025-37852 https://bugzilla.suse.com/1243074 SUSE Bug 1243074 In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a failed dl_recall queue operation: T1 T2 nfs4_laundromat nfs4_get_client_reaplist nfs4_anylock_blockers __break_lease spin_lock // ctx->flc_lock spin_lock // clp->cl_lock nfs4_lockowner_has_blockers locks_owner_has_blockers spin_lock // flctx->flc_lock nfsd_break_deleg_cb nfsd_break_one_deleg nfs4_put_stid refcount_dec_and_lock spin_lock // clp->cl_lock When a file is opened, an nfs4_delegation is allocated with sc_count initialized to 1, and the file_lease holds a reference to the delegation. The file_lease is then associated with the file through kernel_setlease. The disassociation is performed in nfsd4_delegreturn via the following call chain: nfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg --> nfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease The corresponding sc_count reference will be released after this disassociation. Since nfsd_break_one_deleg executes while holding the flc_lock, the disassociation process becomes blocked when attempting to acquire flc_lock in generic_delete_lease. This means: 1) sc_count in nfsd_break_one_deleg will not be decremented to 0; 2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to acquire cl_lock; 3) Consequently, no deadlock condition is created. Given that sc_count in nfsd_break_one_deleg remains non-zero, we can safely perform refcount_dec on sc_count directly. This approach effectively avoids triggering deadlock warnings. CVE-2025-37871 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37871.html CVE-2025-37871 https://bugzilla.suse.com/1242949 SUSE Bug 1242949 In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (negative) <= rsize (positive) because both variables were signed. Make variables unsigned to avoid this problem. The reproducer linked below now fails with the following error instead of a null pointer deref: 9pnet: bogus RWRITE count (4294967295 > 3) CVE-2025-37879 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37879.html CVE-2025-37879 https://bugzilla.suse.com/1243077 SUSE Bug 1243077 In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life. CVE-2025-37932 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37932.html CVE-2025-37932 https://bugzilla.suse.com/1243627 SUSE Bug 1243627 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB mititgation sequence. This is only applied for 'classic' cBPF programs that are loaded by seccomp. CVE-2025-37948 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37948.html CVE-2025-37948 https://bugzilla.suse.com/1243649 SUSE Bug 1243649 In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace: <TASK> __wake_up_common_lock+0x82/0xd0 process_msg+0x18e/0x2f0 xenbus_thread+0x165/0x1c0 process_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a thin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems like it was xs_wake_up() in this case. It seems like req may have woken up the xs_wait_for_reply(), which kfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed data. Linux Device Drivers 2nd edition states: "Normally, a wake_up call can cause an immediate reschedule to happen, meaning that other processes might run before wake_up returns." ... which would match the behaviour observed. Change to keeping two krefs on each request. One for the caller, and one for xenbus_thread. Each will kref_put() when finished, and the last will free it. This use of kref matches the description in Documentation/core-api/kref.rst CVE-2025-37949 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37949.html CVE-2025-37949 https://bugzilla.suse.com/1243541 SUSE Bug 1243541 In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regression: htb_dequeue_tree(): |-> fq_codel_dequeue() |-> qdisc_tree_reduce_backlog() |-> htb_qlen_notify() |-> htb_deactivate() |-> htb_next_rb_node() |-> htb_deactivate() For htb_next_rb_node(), after calling the 1st htb_deactivate(), the clprio[prio]->ptr could be already set to NULL, which means htb_next_rb_node() is vulnerable here. For htb_deactivate(), although we checked qlen before calling it, in case of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again which triggers the warning inside. To fix the issues here, we need to: 1) Make htb_deactivate() idempotent, that is, simply return if we already call it before. 2) Make htb_next_rb_node() safe against ptr==NULL. Many thanks to Alan for testing and for the reproducer. CVE-2025-37953 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37953.html CVE-2025-37953 https://bugzilla.suse.com/1243543 SUSE Bug 1243543 In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only mitigate cBPF programs that were loaded by an unprivileged user. Privileged users can also load the same program via eBPF, making the mitigation pointless. CVE-2025-37963 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37963.html CVE-2025-37963 https://bugzilla.suse.com/1243660 SUSE Bug 1243660 In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. The registration function (phy_led_triggers_register) is called from phy_attach_direct, not phy_probe, and the unregister function (phy_led_triggers_unregister) is called from phy_detach, not phy_remove. This means the register and unregister functions can be called multiple times for the same PHY device, but devm-allocated memory is not freed until the driver is unbound. This also prevents kmemleak from detecting the leak, as the devm API internally stores the allocated pointer. Fix this by replacing devm_kzalloc/devm_kcalloc with standard kzalloc/kcalloc, and add the corresponding kfree calls in the unregister path. CVE-2025-37989 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-37989.html CVE-2025-37989 https://bugzilla.suse.com/1243511 SUSE Bug 1243511 In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent and child qdisc queue length counters. When TBF later receives a high-priority packet, SKBPRIO's queue length may show a different value than what's reflected in its internal priority queue tracking, triggering the assertion. The fix removes this overly strict assertions in SKBPRIO, they are not necessary at all. CVE-2025-38637 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.261.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-1-8.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.261.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.261.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1/ https://www.suse.com/security/cve/CVE-2025-38637.html CVE-2025-38637 https://bugzilla.suse.com/1241657 SUSE Bug 1241657