Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01995-1 Final 1 1 2025-06-18T08:34:45Z current 2025-06-18T08:34:45Z 2025-06-18T08:34:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440). - CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597). - CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245). - CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366). - CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745). - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887). - CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). The following non-security bugs were fixed: - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745). - devm-helpers: Add resource managed version of work init (bsc#1242745). - mtd: phram: Add the kernel lock down check (bsc#1232649). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - workqueue: Add resource managed version of delayed work init (bsc#1242745). - Remove debug flavor (bsc#1243919). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1995,SUSE-SUSE-MicroOS-5.1-2025-1995,SUSE-SUSE-MicroOS-5.2-2025-1995 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ Link for SUSE-SU-2025:01995-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040364.html E-Mail link for SUSE-SU-2025:01995-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1154353 SUSE Bug 1154353 https://bugzilla.suse.com/1156395 SUSE Bug 1156395 https://bugzilla.suse.com/1170891 SUSE Bug 1170891 https://bugzilla.suse.com/1173139 SUSE Bug 1173139 https://bugzilla.suse.com/1184350 SUSE Bug 1184350 https://bugzilla.suse.com/1184611 SUSE Bug 1184611 https://bugzilla.suse.com/1185010 SUSE Bug 1185010 https://bugzilla.suse.com/1188772 SUSE Bug 1188772 https://bugzilla.suse.com/1189883 SUSE Bug 1189883 https://bugzilla.suse.com/1190358 SUSE Bug 1190358 https://bugzilla.suse.com/1190428 SUSE Bug 1190428 https://bugzilla.suse.com/1201644 SUSE Bug 1201644 https://bugzilla.suse.com/1201664 SUSE Bug 1201664 https://bugzilla.suse.com/1201672 SUSE Bug 1201672 https://bugzilla.suse.com/1201673 SUSE Bug 1201673 https://bugzilla.suse.com/1201676 SUSE Bug 1201676 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206649 SUSE Bug 1206649 https://bugzilla.suse.com/1206886 SUSE Bug 1206886 https://bugzilla.suse.com/1206887 SUSE Bug 1206887 https://bugzilla.suse.com/1207198 SUSE Bug 1207198 https://bugzilla.suse.com/1209657 SUSE Bug 1209657 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1213476 SUSE Bug 1213476 https://bugzilla.suse.com/1214842 SUSE Bug 1214842 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1220754 SUSE Bug 1220754 https://bugzilla.suse.com/1220985 SUSE Bug 1220985 https://bugzilla.suse.com/1221015 SUSE Bug 1221015 https://bugzilla.suse.com/1221044 SUSE Bug 1221044 https://bugzilla.suse.com/1223932 SUSE Bug 1223932 https://bugzilla.suse.com/1224099 SUSE Bug 1224099 https://bugzilla.suse.com/1224482 SUSE Bug 1224482 https://bugzilla.suse.com/1224511 SUSE Bug 1224511 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 https://bugzilla.suse.com/1224831 SUSE Bug 1224831 https://bugzilla.suse.com/1224832 SUSE Bug 1224832 https://bugzilla.suse.com/1224834 SUSE Bug 1224834 https://bugzilla.suse.com/1224841 SUSE Bug 1224841 https://bugzilla.suse.com/1224843 SUSE Bug 1224843 https://bugzilla.suse.com/1224846 SUSE Bug 1224846 https://bugzilla.suse.com/1224849 SUSE Bug 1224849 https://bugzilla.suse.com/1224854 SUSE Bug 1224854 https://bugzilla.suse.com/1224859 SUSE Bug 1224859 https://bugzilla.suse.com/1224882 SUSE Bug 1224882 https://bugzilla.suse.com/1224889 SUSE Bug 1224889 https://bugzilla.suse.com/1224891 SUSE Bug 1224891 https://bugzilla.suse.com/1224892 SUSE Bug 1224892 https://bugzilla.suse.com/1224893 SUSE Bug 1224893 https://bugzilla.suse.com/1224904 SUSE Bug 1224904 https://bugzilla.suse.com/1225360 SUSE Bug 1225360 https://bugzilla.suse.com/1225411 SUSE Bug 1225411 https://bugzilla.suse.com/1231193 SUSE Bug 1231193 https://bugzilla.suse.com/1232649 SUSE Bug 1232649 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1237981 SUSE Bug 1237981 https://bugzilla.suse.com/1238032 SUSE Bug 1238032 https://bugzilla.suse.com/1238471 SUSE Bug 1238471 https://bugzilla.suse.com/1240802 SUSE Bug 1240802 https://bugzilla.suse.com/1242145 SUSE Bug 1242145 https://bugzilla.suse.com/1242147 SUSE Bug 1242147 https://bugzilla.suse.com/1242150 SUSE Bug 1242150 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 https://bugzilla.suse.com/1242215 SUSE Bug 1242215 https://bugzilla.suse.com/1242232 SUSE Bug 1242232 https://bugzilla.suse.com/1242245 SUSE Bug 1242245 https://bugzilla.suse.com/1242264 SUSE Bug 1242264 https://bugzilla.suse.com/1242270 SUSE Bug 1242270 https://bugzilla.suse.com/1242352 SUSE Bug 1242352 https://bugzilla.suse.com/1242353 SUSE Bug 1242353 https://bugzilla.suse.com/1242355 SUSE Bug 1242355 https://bugzilla.suse.com/1242366 SUSE Bug 1242366 https://bugzilla.suse.com/1242378 SUSE Bug 1242378 https://bugzilla.suse.com/1242385 SUSE Bug 1242385 https://bugzilla.suse.com/1242387 SUSE Bug 1242387 https://bugzilla.suse.com/1242391 SUSE Bug 1242391 https://bugzilla.suse.com/1242392 SUSE Bug 1242392 https://bugzilla.suse.com/1242402 SUSE Bug 1242402 https://bugzilla.suse.com/1242409 SUSE Bug 1242409 https://bugzilla.suse.com/1242416 SUSE Bug 1242416 https://bugzilla.suse.com/1242440 SUSE Bug 1242440 https://bugzilla.suse.com/1242443 SUSE Bug 1242443 https://bugzilla.suse.com/1242449 SUSE Bug 1242449 https://bugzilla.suse.com/1242452 SUSE Bug 1242452 https://bugzilla.suse.com/1242455 SUSE Bug 1242455 https://bugzilla.suse.com/1242464 SUSE Bug 1242464 https://bugzilla.suse.com/1242473 SUSE Bug 1242473 https://bugzilla.suse.com/1242481 SUSE Bug 1242481 https://bugzilla.suse.com/1242484 SUSE Bug 1242484 https://bugzilla.suse.com/1242493 SUSE Bug 1242493 https://bugzilla.suse.com/1242527 SUSE Bug 1242527 https://bugzilla.suse.com/1242542 SUSE Bug 1242542 https://bugzilla.suse.com/1242545 SUSE Bug 1242545 https://bugzilla.suse.com/1242547 SUSE Bug 1242547 https://bugzilla.suse.com/1242548 SUSE Bug 1242548 https://bugzilla.suse.com/1242549 SUSE Bug 1242549 https://bugzilla.suse.com/1242551 SUSE Bug 1242551 https://bugzilla.suse.com/1242580 SUSE Bug 1242580 https://bugzilla.suse.com/1242597 SUSE Bug 1242597 https://bugzilla.suse.com/1242686 SUSE Bug 1242686 https://bugzilla.suse.com/1242689 SUSE Bug 1242689 https://bugzilla.suse.com/1242716 SUSE Bug 1242716 https://bugzilla.suse.com/1242733 SUSE Bug 1242733 https://bugzilla.suse.com/1242734 SUSE Bug 1242734 https://bugzilla.suse.com/1242736 SUSE Bug 1242736 https://bugzilla.suse.com/1242745 SUSE Bug 1242745 https://bugzilla.suse.com/1242749 SUSE Bug 1242749 https://bugzilla.suse.com/1242762 SUSE Bug 1242762 https://bugzilla.suse.com/1242835 SUSE Bug 1242835 https://bugzilla.suse.com/1243919 SUSE Bug 1243919 https://www.suse.com/security/cve/CVE-2020-36790/ SUSE CVE CVE-2020-36790 page https://www.suse.com/security/cve/CVE-2020-36791/ SUSE CVE CVE-2020-36791 page https://www.suse.com/security/cve/CVE-2021-32399/ SUSE CVE CVE-2021-32399 page https://www.suse.com/security/cve/CVE-2021-3743/ SUSE CVE CVE-2021-3743 page https://www.suse.com/security/cve/CVE-2021-47100/ SUSE CVE CVE-2021-47100 page https://www.suse.com/security/cve/CVE-2021-47220/ SUSE CVE CVE-2021-47220 page https://www.suse.com/security/cve/CVE-2021-47229/ SUSE CVE CVE-2021-47229 page https://www.suse.com/security/cve/CVE-2021-47231/ SUSE CVE CVE-2021-47231 page https://www.suse.com/security/cve/CVE-2021-47236/ SUSE CVE CVE-2021-47236 page https://www.suse.com/security/cve/CVE-2021-47239/ SUSE CVE CVE-2021-47239 page https://www.suse.com/security/cve/CVE-2021-47240/ SUSE CVE CVE-2021-47240 page https://www.suse.com/security/cve/CVE-2021-47246/ SUSE CVE CVE-2021-47246 page https://www.suse.com/security/cve/CVE-2021-47252/ SUSE CVE CVE-2021-47252 page https://www.suse.com/security/cve/CVE-2021-47255/ SUSE CVE CVE-2021-47255 page https://www.suse.com/security/cve/CVE-2021-47260/ SUSE CVE CVE-2021-47260 page https://www.suse.com/security/cve/CVE-2021-47288/ SUSE CVE CVE-2021-47288 page https://www.suse.com/security/cve/CVE-2021-47296/ SUSE CVE CVE-2021-47296 page https://www.suse.com/security/cve/CVE-2021-47314/ SUSE CVE CVE-2021-47314 page https://www.suse.com/security/cve/CVE-2021-47315/ SUSE CVE CVE-2021-47315 page https://www.suse.com/security/cve/CVE-2021-47485/ SUSE CVE CVE-2021-47485 page https://www.suse.com/security/cve/CVE-2021-47500/ SUSE CVE CVE-2021-47500 page https://www.suse.com/security/cve/CVE-2021-47511/ SUSE CVE CVE-2021-47511 page https://www.suse.com/security/cve/CVE-2022-3564/ SUSE CVE CVE-2022-3564 page https://www.suse.com/security/cve/CVE-2022-48704/ SUSE CVE CVE-2022-48704 page https://www.suse.com/security/cve/CVE-2022-49110/ SUSE CVE CVE-2022-49110 page https://www.suse.com/security/cve/CVE-2022-49139/ SUSE CVE CVE-2022-49139 page https://www.suse.com/security/cve/CVE-2022-49767/ SUSE CVE CVE-2022-49767 page https://www.suse.com/security/cve/CVE-2022-49769/ SUSE CVE CVE-2022-49769 page https://www.suse.com/security/cve/CVE-2022-49770/ SUSE CVE CVE-2022-49770 page https://www.suse.com/security/cve/CVE-2022-49771/ SUSE CVE CVE-2022-49771 page https://www.suse.com/security/cve/CVE-2022-49772/ SUSE CVE CVE-2022-49772 page https://www.suse.com/security/cve/CVE-2022-49775/ SUSE CVE CVE-2022-49775 page https://www.suse.com/security/cve/CVE-2022-49777/ SUSE CVE CVE-2022-49777 page https://www.suse.com/security/cve/CVE-2022-49787/ SUSE CVE CVE-2022-49787 page https://www.suse.com/security/cve/CVE-2022-49788/ SUSE CVE CVE-2022-49788 page https://www.suse.com/security/cve/CVE-2022-49789/ SUSE CVE CVE-2022-49789 page https://www.suse.com/security/cve/CVE-2022-49790/ SUSE CVE CVE-2022-49790 page https://www.suse.com/security/cve/CVE-2022-49793/ SUSE CVE CVE-2022-49793 page https://www.suse.com/security/cve/CVE-2022-49794/ SUSE CVE CVE-2022-49794 page https://www.suse.com/security/cve/CVE-2022-49799/ SUSE CVE CVE-2022-49799 page https://www.suse.com/security/cve/CVE-2022-49802/ SUSE CVE CVE-2022-49802 page https://www.suse.com/security/cve/CVE-2022-49809/ SUSE CVE CVE-2022-49809 page https://www.suse.com/security/cve/CVE-2022-49818/ SUSE CVE CVE-2022-49818 page https://www.suse.com/security/cve/CVE-2022-49821/ SUSE CVE CVE-2022-49821 page https://www.suse.com/security/cve/CVE-2022-49823/ SUSE CVE CVE-2022-49823 page https://www.suse.com/security/cve/CVE-2022-49824/ SUSE CVE CVE-2022-49824 page https://www.suse.com/security/cve/CVE-2022-49825/ SUSE CVE CVE-2022-49825 page https://www.suse.com/security/cve/CVE-2022-49826/ SUSE CVE CVE-2022-49826 page https://www.suse.com/security/cve/CVE-2022-49827/ SUSE CVE CVE-2022-49827 page https://www.suse.com/security/cve/CVE-2022-49830/ SUSE CVE CVE-2022-49830 page https://www.suse.com/security/cve/CVE-2022-49832/ SUSE CVE CVE-2022-49832 page https://www.suse.com/security/cve/CVE-2022-49835/ SUSE CVE CVE-2022-49835 page https://www.suse.com/security/cve/CVE-2022-49836/ SUSE CVE CVE-2022-49836 page https://www.suse.com/security/cve/CVE-2022-49839/ SUSE CVE CVE-2022-49839 page https://www.suse.com/security/cve/CVE-2022-49841/ SUSE CVE CVE-2022-49841 page https://www.suse.com/security/cve/CVE-2022-49842/ SUSE CVE CVE-2022-49842 page https://www.suse.com/security/cve/CVE-2022-49846/ SUSE CVE CVE-2022-49846 page https://www.suse.com/security/cve/CVE-2022-49861/ SUSE CVE CVE-2022-49861 page https://www.suse.com/security/cve/CVE-2022-49870/ SUSE CVE CVE-2022-49870 page https://www.suse.com/security/cve/CVE-2022-49879/ SUSE CVE CVE-2022-49879 page https://www.suse.com/security/cve/CVE-2022-49880/ SUSE CVE CVE-2022-49880 page https://www.suse.com/security/cve/CVE-2022-49881/ SUSE CVE CVE-2022-49881 page https://www.suse.com/security/cve/CVE-2022-49887/ SUSE CVE CVE-2022-49887 page https://www.suse.com/security/cve/CVE-2022-49889/ SUSE CVE CVE-2022-49889 page https://www.suse.com/security/cve/CVE-2022-49892/ SUSE CVE CVE-2022-49892 page https://www.suse.com/security/cve/CVE-2022-49906/ SUSE CVE CVE-2022-49906 page https://www.suse.com/security/cve/CVE-2022-49910/ SUSE CVE CVE-2022-49910 page https://www.suse.com/security/cve/CVE-2022-49915/ SUSE CVE CVE-2022-49915 page https://www.suse.com/security/cve/CVE-2022-49922/ SUSE CVE CVE-2022-49922 page https://www.suse.com/security/cve/CVE-2022-49927/ SUSE CVE CVE-2022-49927 page https://www.suse.com/security/cve/CVE-2023-0160/ SUSE CVE CVE-2023-0160 page https://www.suse.com/security/cve/CVE-2023-1990/ SUSE CVE CVE-2023-1990 page https://www.suse.com/security/cve/CVE-2023-47233/ SUSE CVE CVE-2023-47233 page https://www.suse.com/security/cve/CVE-2023-52508/ SUSE CVE CVE-2023-52508 page https://www.suse.com/security/cve/CVE-2023-52591/ SUSE CVE CVE-2023-52591 page https://www.suse.com/security/cve/CVE-2023-52654/ SUSE CVE CVE-2023-52654 page https://www.suse.com/security/cve/CVE-2023-53039/ SUSE CVE CVE-2023-53039 page https://www.suse.com/security/cve/CVE-2023-53052/ SUSE CVE CVE-2023-53052 page https://www.suse.com/security/cve/CVE-2023-53106/ SUSE CVE CVE-2023-53106 page https://www.suse.com/security/cve/CVE-2023-6531/ SUSE CVE CVE-2023-6531 page https://www.suse.com/security/cve/CVE-2024-35811/ SUSE CVE CVE-2024-35811 page https://www.suse.com/security/cve/CVE-2024-35895/ SUSE CVE CVE-2024-35895 page https://www.suse.com/security/cve/CVE-2024-35914/ SUSE CVE CVE-2024-35914 page https://www.suse.com/security/cve/CVE-2024-46814/ SUSE CVE CVE-2024-46814 page https://www.suse.com/security/cve/CVE-2024-53168/ SUSE CVE CVE-2024-53168 page https://www.suse.com/security/cve/CVE-2024-56558/ SUSE CVE CVE-2024-56558 page https://www.suse.com/security/cve/CVE-2025-21812/ SUSE CVE CVE-2025-21812 page https://www.suse.com/security/cve/CVE-2025-21999/ SUSE CVE CVE-2025-21999 page https://www.suse.com/security/cve/CVE-2025-37789/ SUSE CVE CVE-2025-37789 page SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 cluster-md-kmp-rt-5.3.18-150300.211.1 cluster-md-kmp-rt_debug-5.3.18-150300.211.1 dlm-kmp-rt-5.3.18-150300.211.1 dlm-kmp-rt_debug-5.3.18-150300.211.1 gfs2-kmp-rt-5.3.18-150300.211.1 gfs2-kmp-rt_debug-5.3.18-150300.211.1 kernel-devel-rt-5.3.18-150300.211.1 kernel-rt-5.3.18-150300.211.1 kernel-rt-devel-5.3.18-150300.211.1 kernel-rt-extra-5.3.18-150300.211.1 kernel-rt-livepatch-devel-5.3.18-150300.211.1 kernel-rt-optional-5.3.18-150300.211.1 kernel-rt_debug-5.3.18-150300.211.1 kernel-rt_debug-devel-5.3.18-150300.211.1 kernel-rt_debug-extra-5.3.18-150300.211.1 kernel-rt_debug-livepatch-devel-5.3.18-150300.211.1 kernel-rt_debug-optional-5.3.18-150300.211.1 kernel-source-rt-5.3.18-150300.211.1 kernel-syms-rt-5.3.18-150300.211.1 kselftests-kmp-rt-5.3.18-150300.211.1 kselftests-kmp-rt_debug-5.3.18-150300.211.1 ocfs2-kmp-rt-5.3.18-150300.211.1 ocfs2-kmp-rt_debug-5.3.18-150300.211.1 reiserfs-kmp-rt-5.3.18-150300.211.1 reiserfs-kmp-rt_debug-5.3.18-150300.211.1 kernel-rt-5.3.18-150300.211.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-source-rt-5.3.18-150300.211.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-rt-5.3.18-150300.211.1 as a component of SUSE Linux Enterprise Micro 5.2 kernel-source-rt-5.3.18-150300.211.1 as a component of SUSE Linux Enterprise Micro 5.2 In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number CVE-2020-36790 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2020-36790.html CVE-2020-36790 https://bugzilla.suse.com/1242145 SUSE Bug 1242145 In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I moved cp->hash calculation before the first tcindex_alloc_perfect_hash(), but cp->alloc_hash is left untouched. This difference could lead to another out of bound access. cp->alloc_hash should always be the size allocated, we should update it after this tcindex_alloc_perfect_hash(). CVE-2020-36791 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2020-36791.html CVE-2020-36791 https://bugzilla.suse.com/1242835 SUSE Bug 1242835 net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. CVE-2021-32399 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-32399.html CVE-2021-32399 https://bugzilla.suse.com/1184611 SUSE Bug 1184611 https://bugzilla.suse.com/1185898 SUSE Bug 1185898 https://bugzilla.suse.com/1185899 SUSE Bug 1185899 https://bugzilla.suse.com/1196174 SUSE Bug 1196174 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 https://bugzilla.suse.com/1201734 SUSE Bug 1201734 An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. CVE-2021-3743 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important 3.6 AV:L/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-3743.html CVE-2021-3743 https://bugzilla.suse.com/1189883 SUSE Bug 1189883 In the Linux kernel, the following vulnerability has been resolved: ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module Hi, When testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko, the system crashed. The log as follows: [ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a [ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0 [ 141.087464] Oops: 0010 [#1] SMP NOPTI [ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded Not tainted 4.18.0.x86_64 #47 [ 141.088009] Workqueue: events 0xffffffffc09b3a40 [ 141.088009] RIP: 0010:0xffffffffc09b3a5a [ 141.088009] Code: Bad RIP value. [ 141.088009] RSP: 0018:ffffb9094e2c3e88 EFLAGS: 00010246 [ 141.088009] RAX: 0000000000000000 RBX: ffff9abfdb1f04a0 RCX: 0000000000000000 [ 141.088009] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 [ 141.088009] RBP: 0000000000000000 R08: ffff9abfffee3cb8 R09: 00000000000002e1 [ 141.088009] R10: ffffb9094cb73d90 R11: 00000000000f4240 R12: ffff9abfffee8700 [ 141.088009] R13: 0000000000000000 R14: ffff9abfdb1f04a0 R15: ffff9abfdb1f04a8 [ 141.088009] FS: 0000000000000000(0000) GS:ffff9abfffec0000(0000) knlGS:0000000000000000 [ 141.088009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.088009] CR2: ffffffffc09b3a30 CR3: 0000008fe4c0a001 CR4: 00000000007606e0 [ 141.088009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 141.088009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 141.088009] PKRU: 55555554 [ 141.088009] Call Trace: [ 141.088009] ? process_one_work+0x195/0x390 [ 141.088009] ? worker_thread+0x30/0x390 [ 141.088009] ? process_one_work+0x390/0x390 [ 141.088009] ? kthread+0x10d/0x130 [ 141.088009] ? kthread_flush_work_fn+0x10/0x10 [ 141.088009] ? ret_from_fork+0x35/0x40] BUG: unable to handle kernel paging request at ffffffffc0b28a5a [ 200.223240] PGD 97fe00d067 P4D 97fe00d067 PUD 97fe00f067 PMD a580cbf067 PTE 0 [ 200.223464] Oops: 0010 [#1] SMP NOPTI [ 200.223579] CPU: 63 PID: 664 Comm: kworker/63:1 Kdump: loaded Not tainted 4.18.0.x86_64 #46 [ 200.224008] Workqueue: events 0xffffffffc0b28a40 [ 200.224008] RIP: 0010:0xffffffffc0b28a5a [ 200.224008] Code: Bad RIP value. [ 200.224008] RSP: 0018:ffffbf3c8e2a3e88 EFLAGS: 00010246 [ 200.224008] RAX: 0000000000000000 RBX: ffffa0799ad6bca0 RCX: 0000000000000000 [ 200.224008] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 [ 200.224008] RBP: 0000000000000000 R08: ffff9fe43fde3cb8 R09: 00000000000000d5 [ 200.224008] R10: ffffbf3c8cb53d90 R11: 00000000000f4240 R12: ffff9fe43fde8700 [ 200.224008] R13: 0000000000000000 R14: ffffa0799ad6bca0 R15: ffffa0799ad6bca8 [ 200.224008] FS: 0000000000000000(0000) GS:ffff9fe43fdc0000(0000) knlGS:0000000000000000 [ 200.224008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.224008] CR2: ffffffffc0b28a30 CR3: 00000097fe00a002 CR4: 00000000007606e0 [ 200.224008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 200.224008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 200.224008] PKRU: 55555554 [ 200.224008] Call Trace: [ 200.224008] ? process_one_work+0x195/0x390 [ 200.224008] ? worker_thread+0x30/0x390 [ 200.224008] ? process_one_work+0x390/0x390 [ 200.224008] ? kthread+0x10d/0x130 [ 200.224008] ? kthread_flush_work_fn+0x10/0x10 [ 200.224008] ? ret_from_fork+0x35/0x40 [ 200.224008] kernel fault(0x1) notification starting on CPU 63 [ 200.224008] kernel fault(0x1) notification finished on CPU 63 [ 200.224008] CR2: ffffffffc0b28a5a [ 200.224008] ---[ end trace c82a412d93f57412 ]--- The reason is as follows: T1: rmmod ipmi_si. ->ipmi_unregister_smi() -> ipmi_bmc_unregister() -> __ipmi_bmc_unregister() -> kref_put(&bmc->usecount, cleanup_bmc_device); -> schedule_work(&bmc->remove_work); T2: rmmod ipmi_msghandl ---truncated--- CVE-2021-47100 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47100.html CVE-2021-47100 https://bugzilla.suse.com/1220985 SUSE Bug 1220985 ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2021-47220 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47220.html CVE-2021-47220 https://bugzilla.suse.com/1224859 SUSE Bug 1224859 In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIO_START register when previous transfer has not yet completed (which is indicated by value 1 in PIO_START) causes an External Abort on CPU, which results in kernel panic: SError Interrupt on CPU0, code 0xbf000002 -- SError Kernel panic - not syncing: Asynchronous SError Interrupt To prevent kernel panic, it is required to reject a new PIO transfer when previous one has not finished yet. If previous PIO transfer is not finished yet, the kernel may issue a new PIO request only if the previous PIO transfer timed out. In the past the root cause of this issue was incorrectly identified (as it often happens during link retraining or after link down event) and special hack was implemented in Trusted Firmware to catch all SError events in EL3, to ignore errors with code 0xbf000002 and not forwarding any other errors to kernel and instead throw panic from EL3 Trusted Firmware handler. Links to discussion and patches about this issue: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=3c7dcdac5c50 https://lore.kernel.org/linux-pci/20190316161243.29517-1-repk@triplefau.lt/ https://lore.kernel.org/linux-pci/971be151d24312cc533989a64bd454b4@www.loen.fr/ https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/1541 But the real cause was the fact that during link retraining or after link down event the PIO transfer may take longer time, up to the 1.44s until it times out. This increased probability that a new PIO transfer would be issued by kernel while previous one has not finished yet. After applying this change into the kernel, it is possible to revert the mentioned TF-A hack and SError events do not have to be caught in TF-A EL3. CVE-2021-47229 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47229.html CVE-2021-47229 https://bugzilla.suse.com/1224854 SUSE Bug 1224854 In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: fix memory leak in mcba_usb Syzbot reported memory leak in SocketCAN driver for Microchip CAN BUS Analyzer Tool. The problem was in unfreed usb_coherent. In mcba_usb_start() 20 coherent buffers are allocated and there is nothing, that frees them: 1) In callback function the urb is resubmitted and that's all 2) In disconnect function urbs are simply killed, but URB_FREE_BUFFER is not set (see mcba_usb_start) and this flag cannot be used with coherent buffers. Fail log: | [ 1354.053291][ T8413] mcba_usb 1-1:0.0 can0: device disconnected | [ 1367.059384][ T8420] kmemleak: 20 new suspected memory leaks (see /sys/kernel/debug/kmem) So, all allocated buffers should be freed with usb_free_coherent() explicitly NOTE: The same pattern for allocating and freeing coherent buffers is used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c CVE-2021-47231 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47231.html CVE-2021-47231 https://bugzilla.suse.com/1224849 SUSE Bug 1224849 In the Linux kernel, the following vulnerability has been resolved: net: cdc_eem: fix tx fixup skb leak when usbnet transmit a skb, eem fixup it in eem_tx_fixup(), if skb_copy_expand() failed, it return NULL, usbnet_start_xmit() will have no chance to free original skb. fix it by free orginal skb in eem_tx_fixup() first, then check skb clone status, if failed, return NULL to usbnet. CVE-2021-47236 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47236.html CVE-2021-47236 https://bugzilla.suse.com/1224841 SUSE Bug 1224841 In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xx_bind The commit 46a8b29c6306 ("net: usb: fix memory leak in smsc75xx_bind") fails to clean up the work scheduled in smsc75xx_reset-> smsc75xx_set_multicast, which leads to use-after-free if the work is scheduled to start after the deallocation. In addition, this patch also removes a dangling pointer - dev->data[0]. This patch calls cancel_work_sync to cancel the scheduled work and set the dangling pointer to NULL. CVE-2021-47239 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47239.html CVE-2021-47239 https://bugzilla.suse.com/1224846 SUSE Bug 1224846 In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. The problem was in wrong _size_ type: if (len != ALIGN(size, 4) + hdrlen) goto err; If size from qrtr_hdr is 4294967293 (0xfffffffd), the result of ALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293 in header this check won't fail and skb_put_data(skb, data + hdrlen, size); will read out of bound from data, which is hdrlen allocated block. CVE-2021-47240 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47240.html CVE-2021-47240 https://bugzilla.suse.com/1224843 SUSE Bug 1224843 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix page reclaim for dead peer hairpin When adding a hairpin flow, a firmware-side send queue is created for the peer net device, which claims some host memory pages for its internal ring buffer. If the peer net device is removed/unbound before the hairpin flow is deleted, then the send queue is not destroyed which leads to a stack trace on pci device remove: [ 748.005230] mlx5_core 0000:08:00.2: wait_func:1094:(pid 12985): MANAGE_PAGES(0x108) timeout. Will cause a leak of a command resource [ 748.005231] mlx5_core 0000:08:00.2: reclaim_pages:514:(pid 12985): failed reclaiming pages: err -110 [ 748.001835] mlx5_core 0000:08:00.2: mlx5_reclaim_root_pages:653:(pid 12985): failed reclaiming pages (-110) for func id 0x0 [ 748.002171] ------------[ cut here ]------------ [ 748.001177] FW pages counter is 4 after reclaiming all pages [ 748.001186] WARNING: CPU: 1 PID: 12985 at drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c:685 mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [ +0.002771] Modules linked in: cls_flower mlx5_ib mlx5_core ptp pps_core act_mirred sch_ingress openvswitch nsh xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm ib_umad ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay fuse [last unloaded: pps_core] [ 748.007225] CPU: 1 PID: 12985 Comm: tee Not tainted 5.12.0+ #1 [ 748.001376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 748.002315] RIP: 0010:mlx5_reclaim_startup_pages+0x34b/0x460 [mlx5_core] [ 748.001679] Code: 28 00 00 00 0f 85 22 01 00 00 48 81 c4 b0 00 00 00 31 c0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c7 40 cc 19 a1 e8 9f 71 0e e2 <0f> 0b e9 30 ff ff ff 48 c7 c7 a0 cc 19 a1 e8 8c 71 0e e2 0f 0b e9 [ 748.003781] RSP: 0018:ffff88815220faf8 EFLAGS: 00010286 [ 748.001149] RAX: 0000000000000000 RBX: ffff8881b4900280 RCX: 0000000000000000 [ 748.001445] RDX: 0000000000000027 RSI: 0000000000000004 RDI: ffffed102a441f51 [ 748.001614] RBP: 00000000000032b9 R08: 0000000000000001 R09: ffffed1054a15ee8 [ 748.001446] R10: ffff8882a50af73b R11: ffffed1054a15ee7 R12: fffffbfff07c1e30 [ 748.001447] R13: dffffc0000000000 R14: ffff8881b492cba8 R15: 0000000000000000 [ 748.001429] FS: 00007f58bd08b580(0000) GS:ffff8882a5080000(0000) knlGS:0000000000000000 [ 748.001695] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 748.001309] CR2: 000055a026351740 CR3: 00000001d3b48006 CR4: 0000000000370ea0 [ 748.001506] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 748.001483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 748.001654] Call Trace: [ 748.000576] ? mlx5_satisfy_startup_pages+0x290/0x290 [mlx5_core] [ 748.001416] ? mlx5_cmd_teardown_hca+0xa2/0xd0 [mlx5_core] [ 748.001354] ? mlx5_cmd_init_hca+0x280/0x280 [mlx5_core] [ 748.001203] mlx5_function_teardown+0x30/0x60 [mlx5_core] [ 748.001275] mlx5_uninit_one+0xa7/0xc0 [mlx5_core] [ 748.001200] remove_one+0x5f/0xc0 [mlx5_core] [ 748.001075] pci_device_remove+0x9f/0x1d0 [ 748.000833] device_release_driver_internal+0x1e0/0x490 [ 748.001207] unbind_store+0x19f/0x200 [ 748.000942] ? sysfs_file_ops+0x170/0x170 [ 748.001000] kernfs_fop_write_iter+0x2bc/0x450 [ 748.000970] new_sync_write+0x373/0x610 [ 748.001124] ? new_sync_read+0x600/0x600 [ 748.001057] ? lock_acquire+0x4d6/0x700 [ 748.000908] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 748.001126] ? fd_install+0x1c9/0x4d0 [ 748.000951] vfs_write+0x4d0/0x800 [ 748.000804] ksys_write+0xf9/0x1d0 [ 748.000868] ? __x64_sys_read+0xb0/0xb0 [ 748.000811] ? filp_open+0x50/0x50 [ 748.000919] ? syscall_enter_from_user_mode+0x1d/0x50 [ 748.001223] do_syscall_64+0x3f/0x80 [ 748.000892] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 748.00 ---truncated--- CVE-2021-47246 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47246.html CVE-2021-47246 https://bugzilla.suse.com/1224831 SUSE Bug 1224831 In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARN_ON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARN_ON must be used to denote kernel bugs and not to print simple warnings. A warning can simply be printed using pr_warn. CVE-2021-47252 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47252.html CVE-2021-47252 https://bugzilla.suse.com/1224882 SUSE Bug 1224882 In the Linux kernel, the following vulnerability has been resolved: kvm: LAPIC: Restore guard to prevent illegal APIC register access Per the SDM, "any access that touches bytes 4 through 15 of an APIC register may cause undefined behavior and must not be executed." Worse, such an access in kvm_lapic_reg_read can result in a leak of kernel stack contents. Prior to commit 01402cf81051 ("kvm: LAPIC: write down valid APIC registers"), such an access was explicitly disallowed. Restore the guard that was removed in that commit. CVE-2021-47255 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47255.html CVE-2021-47255 https://bugzilla.suse.com/1224832 SUSE Bug 1224832 In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential NULL dereference in nfs_get_client() None of the callers are expecting NULL returns from nfs_get_client() so this code will lead to an Oops. It's better to return an error pointer. I expect that this is dead code so hopefully no one is affected. CVE-2021-47260 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47260.html CVE-2021-47260 https://bugzilla.suse.com/1224834 SUSE Bug 1224834 In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] The problem is that the original code is trying to copy 6 bytes of data into a one-byte size member _config_ of the wrong structue FW_CONFIGURE_BUFFERS, in a single call to memcpy(). This causes a legitimate compiler warning because memcpy() overruns the length of &com.cmd.ConfigureBuffers.config. It seems that the right structure is FW_CONFIGURE_FREE_BUFFERS, instead, because it contains 6 more members apart from the header _hdr_. Also, the name of the function ngene_command_config_free_buf() suggests that the actual intention is to ConfigureFreeBuffers, instead of ConfigureBuffers (which takes place in the function ngene_command_config_buf(), above). Fix this by enclosing those 6 members of struct FW_CONFIGURE_FREE_BUFFERS into new struct config, and use &com.cmd.ConfigureFreeBuffers.config as the destination address, instead of &com.cmd.ConfigureBuffers.config, when calling memcpy(). This also helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy(). CVE-2021-47288 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47288.html CVE-2021-47288 https://bugzilla.suse.com/1224889 SUSE Bug 1224889 In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak vcpu_put is not called if the user copy fails. This can result in preempt notifier corruption and crashes, among other issues. CVE-2021-47296 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47296.html CVE-2021-47296 https://bugzilla.suse.com/1224891 SUSE Bug 1224891 In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. CVE-2021-47314 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47314.html CVE-2021-47314 https://bugzilla.suse.com/1224893 SUSE Bug 1224893 In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->gregs' not released on lines: 298. CVE-2021-47315 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47315.html CVE-2021-47315 https://bugzilla.suse.com/1224892 SUSE Bug 1224892 In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on user controlled buffers. CVE-2021-47485 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47485.html CVE-2021-47485 https://bugzilla.suse.com/1224904 SUSE Bug 1224904 In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1. Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs. Fix this by getting a reference to the trigger before assigning it to the IIO device. CVE-2021-47500 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47500.html CVE-2021-47500 https://bugzilla.suse.com/1225360 SUSE Bug 1225360 https://bugzilla.suse.com/1227698 SUSE Bug 1227698 In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with size_t. Due to that, a too big value may be passed to the lower layers. This patch changes the code to handle with ssize_t and adds the proper error checks appropriately. CVE-2021-47511 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2021-47511.html CVE-2021-47511 https://bugzilla.suse.com/1225411 SUSE Bug 1225411 https://bugzilla.suse.com/1227700 SUSE Bug 1227700 A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087. CVE-2022-3564 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-3564.html CVE-2022-3564 https://bugzilla.suse.com/1206073 SUSE Bug 1206073 https://bugzilla.suse.com/1206314 SUSE Bug 1206314 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to put device in D3hot state. Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State. > Configuration and Message requests are the only TLPs accepted by a Function in > the D3hot state. All other received Requests must be handled as Unsupported Requests, > and all received Completions may optionally be handled as Unexpected Completions. This issue will happen in following logs: Unable to handle kernel paging request at virtual address 00008800e0008010 CPU 0 kworker/0:3(131): Oops 0 pc = [<ffffffff811bea5c>] ra = [<ffffffff81240844>] ps = 0000 Tainted: G W pc is at si_gpu_check_soft_reset+0x3c/0x240 ra is at si_dma_is_lockup+0x34/0xd0 v0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000 t2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258 t5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000 s0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018 s3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000 s6 = fff00007ef07bd98 a0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008 a3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338 t8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800 t11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000 gp = ffffffff81d89690 sp = 00000000aa814126 Disabling lock debugging due to kernel taint Trace: [<ffffffff81240844>] si_dma_is_lockup+0x34/0xd0 [<ffffffff81119610>] radeon_fence_check_lockup+0xd0/0x290 [<ffffffff80977010>] process_one_work+0x280/0x550 [<ffffffff80977350>] worker_thread+0x70/0x7c0 [<ffffffff80977410>] worker_thread+0x130/0x7c0 [<ffffffff80982040>] kthread+0x200/0x210 [<ffffffff809772e0>] worker_thread+0x0/0x7c0 [<ffffffff80981f8c>] kthread+0x14c/0x210 [<ffffffff80911658>] ret_from_kernel_thread+0x18/0x20 [<ffffffff80981e40>] kthread+0x0/0x210 Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101 <88210000> 4821ed21 So force lockup work queue flush to fix this problem. CVE-2022-48704 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-48704.html CVE-2022-48704 https://bugzilla.suse.com/1223932 SUSE Bug 1223932 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49110 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49110.html CVE-2022-49110 https://bugzilla.suse.com/1237981 SUSE Bug 1237981 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL. CVE-2022-49139 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49139.html CVE-2022-49139 https://bugzilla.suse.com/1238032 SUSE Bug 1238032 In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel_read() from p9_fd_read() from p9_read_work() and/or kernel_write() from p9_fd_write() from p9_write_work() requests. Since p9_socket_open() sets O_NONBLOCK flag, p9_mux_poll_stop() does not need to interrupt kernel_read()/kernel_write(). However, since p9_fd_open() does not set O_NONBLOCK flag, but pipe blocks unless signal is pending, p9_mux_poll_stop() needs to interrupt kernel_read()/kernel_write() when the file descriptor refers to a pipe. In other words, pipe file descriptor needs to be handled as if socket file descriptor. We somehow need to interrupt kernel_read()/kernel_write() on pipes. A minimal change, which this patch is doing, is to set O_NONBLOCK flag from p9_fd_open(), for O_NONBLOCK flag does not affect reading/writing of regular files. But this approach changes O_NONBLOCK flag on userspace- supplied file descriptors (which might break userspace programs), and O_NONBLOCK flag could be changed by userspace. It would be possible to set O_NONBLOCK flag every time p9_fd_read()/p9_fd_write() is invoked, but still remains small race window for clearing O_NONBLOCK flag. If we don't want to manipulate O_NONBLOCK flag, we might be able to surround kernel_read()/kernel_write() with set_thread_flag(TIF_SIGPENDING) and recalc_sigpending(). Since p9_read_work()/p9_write_work() works are processed by kernel threads which process global system_wq workqueue, signals could not be delivered from remote threads when p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is called. Therefore, calling set_thread_flag(TIF_SIGPENDING)/recalc_sigpending() every time would be needed if we count on signals for making kernel_read()/kernel_write() non-blocking. [Dominique: add comment at Christian's suggestion] CVE-2022-49767 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49767.html CVE-2022-49767 https://bugzilla.suse.com/1242493 SUSE Bug 1242493 In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checked to avoid the possibility of messy mount errors due to bad calculations. It's always a fixed value based on the block size so we can just check that it's the expected value. Tested with: mkfs.gfs2 -O -p lock_nolock /dev/vdb for i in 0 -1 64 65 32 33; do gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb mount /dev/vdb /mnt/test && umount /mnt/test done Before this patch we get a withdraw after [ 76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block [ 76.413681] bh = 19 (type: exp=5, found=4) [ 76.413681] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492 and with UBSAN configured we also get complaints like [ 76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19 [ 76.373815] shift exponent 4294967287 is too large for 64-bit type 'long unsigned int' After the patch, these complaints don't appear, mount fails immediately and we get an explanation in dmesg. CVE-2022-49769 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49769.html CVE-2022-49769 https://bugzilla.suse.com/1242440 SUSE Bug 1242440 In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'first_realm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and could cause random use-after-free, BUG_ON, etc issues. CVE-2022-49770 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49770.html CVE-2022-49770 https://bugzilla.suse.com/1242597 SUSE Bug 1242597 In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fill the space using the "dm_target_iterate(list_version_get_info, &iter_info)" call. Each of these calls locks the targets using the "down_read(&_lock)" and "up_read(&_lock)" calls, however between the first and second "dm_target_iterate" there is no lock held and the target modules can be loaded at this point, so the second "dm_target_iterate" call may need more space than what was the first "dm_target_iterate" returned. The code tries to handle this overflow (see the beginning of list_version_get_info), however this handling is incorrect. The code sets "param->data_size = param->data_start + needed" and "iter_info.end = (char *)vers+len" - "needed" is the size returned by the first dm_target_iterate call; "len" is the size of the buffer allocated by userspace. "len" may be greater than "needed"; in this case, the code will write up to "len" bytes into the buffer, however param->data_size is set to "needed", so it may write data past the param->data_size value. The ioctl interface copies only up to param->data_size into userspace, thus part of the result will be truncated. Fix this bug by setting "iter_info.end = (char *)vers + needed;" - this guarantees that the second "dm_target_iterate" call will write only up to the "needed" buffer and it will exit with "DM_BUFFER_FULL_FLAG" if it overflows the "needed" space - in this case, userspace will allocate a larger buffer and retry. Note that there is also a bug in list_version_get_needed - we need to add "strlen(tt->name) + 1" to the needed size, not "strlen(tt->name)". CVE-2022-49771 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49771.html CVE-2022-49771 https://bugzilla.suse.com/1242686 SUSE Bug 1242686 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality, the NULL port may be seen when the device gives an invalid endpoint setup at the descriptor, hence the driver skips the allocation. That is, the check itself is valid and snd_BUG_ON() should be dropped from there. Otherwise it's confusing as if it were a real bug, as recently syzbot stumbled on it. CVE-2022-49772 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49772.html CVE-2022-49772 https://bugzilla.suse.com/1242147 SUSE Bug 1242147 In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcp_cdg_release() to be called multiple times Apparently, mptcp is able to call tcp_disconnect() on an already disconnected flow. This is generally fine, unless current congestion control is CDG, because it might trigger a double-free [1] Instead of fixing MPTCP, and future bugs, we can make tcp_disconnect() more resilient. [1] BUG: KASAN: double-free in slab_free mm/slub.c:3539 [inline] BUG: KASAN: double-free in kfree+0xe2/0x580 mm/slub.c:4567 CPU: 0 PID: 3645 Comm: kworker/0:7 Not tainted 6.0.0-syzkaller-02734-g0326074ff465 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Workqueue: events mptcp_worker Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x719 mm/kasan/report.c:433 kasan_report_invalid_free+0x81/0x190 mm/kasan/report.c:462 ____kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:356 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1759 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785 slab_free mm/slub.c:3539 [inline] kfree+0xe2/0x580 mm/slub.c:4567 tcp_disconnect+0x980/0x1e20 net/ipv4/tcp.c:3145 __mptcp_close_ssk+0x5ca/0x7e0 net/mptcp/protocol.c:2327 mptcp_do_fastclose net/mptcp/protocol.c:2592 [inline] mptcp_worker+0x78c/0xff0 net/mptcp/protocol.c:2627 process_one_work+0x991/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e4/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 </TASK> Allocated by task 3671: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:437 [inline] ____kasan_kmalloc mm/kasan/common.c:516 [inline] ____kasan_kmalloc mm/kasan/common.c:475 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:525 kmalloc_array include/linux/slab.h:640 [inline] kcalloc include/linux/slab.h:671 [inline] tcp_cdg_init+0x10d/0x170 net/ipv4/tcp_cdg.c:380 tcp_init_congestion_control+0xab/0x550 net/ipv4/tcp_cong.c:193 tcp_reinit_congestion_control net/ipv4/tcp_cong.c:217 [inline] tcp_set_congestion_control+0x96c/0xaa0 net/ipv4/tcp_cong.c:391 do_tcp_setsockopt+0x505/0x2320 net/ipv4/tcp.c:3513 tcp_setsockopt+0xd4/0x100 net/ipv4/tcp.c:3801 mptcp_setsockopt+0x35f/0x2570 net/mptcp/sockopt.c:844 __sys_setsockopt+0x2d6/0x690 net/socket.c:2252 __do_sys_setsockopt net/socket.c:2263 [inline] __se_sys_setsockopt net/socket.c:2260 [inline] __x64_sys_setsockopt+0xba/0x150 net/socket.c:2260 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 16: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:367 [inline] ____kasan_slab_free+0x166/0x1c0 mm/kasan/common.c:329 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1759 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1785 slab_free mm/slub.c:3539 [inline] kfree+0xe2/0x580 mm/slub.c:4567 tcp_cleanup_congestion_control+0x70/0x120 net/ipv4/tcp_cong.c:226 tcp_v4_destroy_sock+0xdd/0x750 net/ipv4/tcp_ipv4.c:2254 tcp_v6_destroy_sock+0x11/0x20 net/ipv6/tcp_ipv6.c:1969 inet_csk_destroy_sock+0x196/0x440 net/ipv4/inet_connection_sock.c:1157 tcp_done+0x23b/0x340 net/ipv4/tcp.c:4649 tcp_rcv_state_process+0x40e7/0x4990 net/ipv4/tcp_input.c:6624 tcp_v6_do_rcv+0x3fc/0x13c0 net/ipv6/tcp_ipv6.c:1525 tcp_v6_rcv+0x2e8e/0x3830 net/ipv6/tcp_ipv6.c:1759 ip6_protocol_deliver_rcu+0x2db/0x1950 net/ipv6/ip6_input.c:439 ip6_input_finish+0x14c/0x2c0 net/ipv6/ip6_input.c:484 NF_HOOK include/linux/netfilter.h:302 [inline] NF_HOOK include/linux/netfilter.h:296 [inline] ip6_input+0x9c/0xd ---truncated--- CVE-2022-49775 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49775.html CVE-2022-49775 https://bugzilla.suse.com/1242245 SUSE Bug 1242245 https://bugzilla.suse.com/1242257 SUSE Bug 1242257 In the Linux kernel, the following vulnerability has been resolved: Input: i8042 - fix leaking of platform device on module removal Avoid resetting the module-wide i8042_platform_device pointer in i8042_probe() or i8042_remove(), so that the device can be properly destroyed by i8042_exit() on module unload. CVE-2022-49777 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49777.html CVE-2022-49777 https://bugzilla.suse.com/1242232 SUSE Bug 1242232 In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There is no problem for the 'smbus_dev == NULL' branch because pci_dev_put() can also handle the NULL input parameter case. CVE-2022-49787 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49787.html CVE-2022-49787 https://bugzilla.suse.com/1242352 SUSE Bug 1242352 In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:169 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431 vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925 vfs_ioctl fs/ioctl.c:51 ... Uninit was stored to memory at: kmemdup+0x74/0xb0 mm/util.c:131 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271 vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339 qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940 vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488 vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927 ... Local variable ev created at: qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 Bytes 28-31 of 48 are uninitialized Memory access of size 48 starts at ffff888035155e00 Data copied to user address 0000000020000100 Use memset() to prevent the infoleaks. Also speculatively fix qp_notify_peer_local(), which may suffer from the same problem. CVE-2022-49788 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49788.html CVE-2022-49788 https://bugzilla.suse.com/1242353 SUSE Bug 1242353 In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (signed and 32 bit wide), but the rest of the zfcp code (and the firmware specification) handles the ID as 'unsigned long'/'u64' (unsigned and 64 bit wide [s390x ELF ABI]). For one this has the obvious problem that when the ID grows past 32 bit (this can happen reasonably fast) it is truncated to 32 bit when storing it in the cache variable and so doesn't match the original ID anymore. The second less obvious problem is that even when the original ID has not yet grown past 32 bit, as soon as the 32nd bit is set in the original ID (0x80000000 = 2'147'483'648) we will have a mismatch when we cast it back to 'unsigned long'. As the cached variable is of a signed type, the compiler will choose a sign-extending instruction to load the 32 bit variable into a 64 bit register (e.g.: 'lgf %r11,188(%r15)'). So once we pass the cached variable into 'zfcp_reqlist_find_rm()' to remove the request again all the leading zeros will be flipped to ones to extend the sign and won't match the original ID anymore (this has been observed in practice). If we can't successfully remove the request from the hash table again after 'zfcp_qdio_send()' fails (this happens regularly when zfcp cannot notify the adapter about new work because the adapter is already gone during e.g. a ChpID toggle) we will end up with a double free. We unconditionally free the request in the calling function when 'zfcp_fsf_req_send()' fails, but because the request is still in the hash table we end up with a stale memory reference, and once the zfcp adapter is either reset during recovery or shutdown we end up freeing the same memory twice. The resulting stack traces vary depending on the kernel and have no direct correlation to the place where the bug occurs. Here are three examples that have been seen in practice: list_del corruption. next->prev should be 00000001b9d13800, but was 00000000dead4ead. (next=00000001bd131a00) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:62! monitor event: 0040 ilc:2 [#1] PREEMPT SMP Modules linked in: ... CPU: 9 PID: 1617 Comm: zfcperp0.0.1740 Kdump: loaded Hardware name: ... Krnl PSW : 0704d00180000000 00000003cbeea1f8 (__list_del_entry_valid+0x98/0x140) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 00000000916d12f1 0000000080000000 000000000000006d 00000003cb665cd6 0000000000000001 0000000000000000 0000000000000000 00000000d28d21e8 00000000d3844000 00000380099efd28 00000001bd131a00 00000001b9d13800 00000000d3290100 0000000000000000 00000003cbeea1f4 00000380099efc70 Krnl Code: 00000003cbeea1e8: c020004f68a7 larl %r2,00000003cc8d7336 00000003cbeea1ee: c0e50027fd65 brasl %r14,00000003cc3e9cb8 #00000003cbeea1f4: af000000 mc 0,0 >00000003cbeea1f8: c02000920440 larl %r2,00000003cd12aa78 00000003cbeea1fe: c0e500289c25 brasl %r14,00000003cc3fda48 00000003cbeea204: b9040043 lgr %r4,%r3 00000003cbeea208: b9040051 lgr %r5,%r1 00000003cbeea20c: b9040032 lgr %r3,%r2 Call Trace: [<00000003cbeea1f8>] __list_del_entry_valid+0x98/0x140 ([<00000003cbeea1f4>] __list_del_entry_valid+0x94/0x140) [<000003ff7ff502fe>] zfcp_fsf_req_dismiss_all+0xde/0x150 [zfcp] [<000003ff7ff49cd0>] zfcp_erp_strategy_do_action+0x160/0x280 [zfcp] ---truncated--- CVE-2022-49789 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49789.html CVE-2022-49789 https://bugzilla.suse.com/1242366 SUSE Bug 1242366 https://bugzilla.suse.com/1242376 SUSE Bug 1242376 In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read. CVE-2022-49790 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49790.html CVE-2022-49790 https://bugzilla.suse.com/1242387 SUSE Bug 1242387 In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freed when device_add() fails, call put_device() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. Fault injection test can trigger this: unreferenced object 0xffff8e8340a7b4c0 (size 32): comm "modprobe", pid 243, jiffies 4294678145 (age 48.845s) hex dump (first 32 bytes): 69 69 6f 5f 73 79 73 66 73 5f 74 72 69 67 67 65 iio_sysfs_trigge 72 00 a7 40 83 8e ff ff 00 86 13 c4 f6 ee ff ff r..@............ backtrace: [<0000000074999de8>] __kmem_cache_alloc_node+0x1e9/0x360 [<00000000497fd30b>] __kmalloc_node_track_caller+0x44/0x1a0 [<000000003636c520>] kstrdup+0x2d/0x60 [<0000000032f84da2>] kobject_set_name_vargs+0x1e/0x90 [<0000000092efe493>] dev_set_name+0x4e/0x70 CVE-2022-49793 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49793.html CVE-2022-49793 https://bugzilla.suse.com/1242391 SUSE Bug 1242391 In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() If iio_trigger_register() returns error, it should call iio_trigger_free() to give up the reference that hold in iio_trigger_alloc(), so that it can call iio_trig_release() to free memory when the refcount hit to 0. CVE-2022-49794 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49794.html CVE-2022-49794 https://bugzilla.suse.com/1242392 SUSE Bug 1242392 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in register_synth_event() In register_synth_event(), if set_synth_event_print_fmt() failed, then both trace_remove_event_call() and unregister_trace_event() will be called, which means the trace_event_call will call __unregister_trace_event() twice. As the result, the second unregister will causes the wild-memory-access. register_synth_event set_synth_event_print_fmt failed trace_remove_event_call event_remove if call->event.funcs then __unregister_trace_event (first call) unregister_trace_event __unregister_trace_event (second call) Fix the bug by avoiding to call the second __unregister_trace_event() by checking if the first one is called. general protection fault, probably for non-canonical address 0xfbd59c0000000024: 0000 [#1] SMP KASAN PTI KASAN: maybe wild-memory-access in range [0xdead000000000120-0xdead000000000127] CPU: 0 PID: 3807 Comm: modprobe Not tainted 6.1.0-rc1-00186-g76f33a7eedb4 #299 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 RIP: 0010:unregister_trace_event+0x6e/0x280 Code: 00 fc ff df 4c 89 ea 48 c1 ea 03 80 3c 02 00 0f 85 0e 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 01 00 00 49 89 2c 24 48 85 ed 74 28 e8 7a 9b RSP: 0018:ffff88810413f370 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffff888105d050b0 RCX: 0000000000000000 RDX: 1bd5a00000000024 RSI: ffff888119e276e0 RDI: ffffffff835a8b20 RBP: dead000000000100 R08: 0000000000000000 R09: fffffbfff0913481 R10: ffffffff8489a407 R11: fffffbfff0913480 R12: dead000000000122 R13: ffff888105d050b8 R14: 0000000000000000 R15: ffff888105d05028 FS: 00007f7823e8d540(0000) GS:ffff888119e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f7823e7ebec CR3: 000000010a058002 CR4: 0000000000330ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __create_synth_event+0x1e37/0x1eb0 create_or_delete_synth_event+0x110/0x250 synth_event_run_command+0x2f/0x110 test_gen_synth_cmd+0x170/0x2eb [synth_event_gen_test] synth_event_gen_test_init+0x76/0x9bc [synth_event_gen_test] do_one_initcall+0xdb/0x480 do_init_module+0x1cf/0x680 load_module+0x6a50/0x70a0 __do_sys_finit_module+0x12f/0x1c0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49799 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49799.html CVE-2022-49799 https://bugzilla.suse.com/1242264 SUSE Bug 1242264 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix null pointer dereference in ftrace_add_mod() The @ftrace_mod is allocated by kzalloc(), so both the members {prev,next} of @ftrace_mode->list are NULL, it's not a valid state to call list_del(). If kstrdup() for @ftrace_mod->{func|module} fails, it goes to @out_free tag and calls free_ftrace_mod() to destroy @ftrace_mod, then list_del() will write prev->next and next->prev, where null pointer dereference happens. BUG: kernel NULL pointer dereference, address: 0000000000000008 Oops: 0002 [#1] PREEMPT SMP NOPTI Call Trace: <TASK> ftrace_mod_callback+0x20d/0x220 ? do_filp_open+0xd9/0x140 ftrace_process_regex.isra.51+0xbf/0x130 ftrace_regex_write.isra.52.part.53+0x6e/0x90 vfs_write+0xee/0x3a0 ? __audit_filter_op+0xb1/0x100 ? auditd_test_task+0x38/0x50 ksys_write+0xa5/0xe0 do_syscall_64+0x3a/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Kernel panic - not syncing: Fatal exception So call INIT_LIST_HEAD() to initialize the list member to fix this issue. CVE-2022-49802 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49802.html CVE-2022-49802 https://bugzilla.suse.com/1242270 SUSE Bug 1242270 In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame() x25_lapb_receive_frame() using skb_copy() to get a private copy of skb, the new skb should be freed in the undersized/fragmented skb error handling path. Otherwise there is a memory leak. CVE-2022-49809 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49809.html CVE-2022-49809 https://bugzilla.suse.com/1242402 SUSE Bug 1242402 In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). CVE-2022-49818 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49818.html CVE-2022-49818 https://bugzilla.suse.com/1242527 SUSE Bug 1242527 In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_release(), so it need be initialized. CVE-2022-49821 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49821.html CVE-2022-49821 https://bugzilla.suse.com/1242542 SUSE Bug 1242542 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #36 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x3a0 lr : device_del+0x44/0x3a0 Call trace: device_del+0x48/0x3a0 attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tdev_delete+0x24/0x50 [libata] ata_tlink_delete+0x40/0xa0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tdev_add(). In the error path, device_del() is called to delete the device which was added earlier in this function, and ata_tdev_free() is called to free ata_dev. CVE-2022-49823 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49823.html CVE-2022-49823 https://bugzilla.suse.com/1242545 SUSE Bug 1242545 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #12 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tlink_delete+0x88/0xb0 [libata] ata_tport_delete+0x2c/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tlink_add(). CVE-2022-49824 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49824.html CVE-2022-49824 https://bugzilla.suse.com/1242547 SUSE Bug 1242547 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #8 pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x48/0x39c lr : device_del+0x44/0x39c Call trace: device_del+0x48/0x39c attribute_container_class_device_del+0x28/0x40 transport_remove_classdev+0x60/0x7c attribute_container_device_trigger+0x118/0x120 transport_remove_device+0x20/0x30 ata_tport_delete+0x34/0x60 [libata] ata_port_detach+0x148/0x1b0 [libata] ata_pci_remove_one+0x50/0x80 [libata] ahci_remove_one+0x4c/0x8c [ahci] Fix this by checking and handling return value of transport_add_device() in ata_tport_add(). CVE-2022-49825 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49825.html CVE-2022-49825 https://bugzilla.suse.com/1242548 SUSE Bug 1242548 In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And then ata_host_put() is called again, the refcount is decreased to 0, ata_host_release() is called, all ports are freed and set to null. When unbinding the device after failure, ata_host_stop() is called to release the resources, it leads a null-ptr-deref(), because all the ports all freed and null. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G E 6.1.0-rc3+ #8 pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ata_host_stop+0x3c/0x84 [libata] lr : release_nodes+0x64/0xd0 Call trace: ata_host_stop+0x3c/0x84 [libata] release_nodes+0x64/0xd0 devres_release_all+0xbc/0x1b0 device_unbind_cleanup+0x20/0x70 really_probe+0x158/0x320 __driver_probe_device+0x84/0x120 driver_probe_device+0x44/0x120 __driver_attach+0xb4/0x220 bus_for_each_dev+0x78/0xdc driver_attach+0x2c/0x40 bus_add_driver+0x184/0x240 driver_register+0x80/0x13c __pci_register_driver+0x4c/0x60 ahci_pci_driver_init+0x30/0x1000 [ahci] Fix this by removing redundant ata_host_put() in the error path. CVE-2022-49826 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49826.html CVE-2022-49826 https://bugzilla.suse.com/1242549 SUSE Bug 1242549 In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm_vblank_init_release() with the vblank whose worker is NULL. As the resule, a null-ptr-deref will happen in kthread_destroy_worker(). Add the NULL check before calling drm_vblank_destroy_worker(). BUG: null-ptr-deref KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty RIP: 0010:kthread_destroy_worker+0x25/0xb0 Call Trace: <TASK> drm_vblank_init_release+0x124/0x220 [drm] ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm] __drmm_add_action_or_reset+0x41/0x50 [drm] drm_vblank_init+0x282/0x310 [drm] vkms_init+0x35f/0x1000 [vkms] ? 0xffffffffc4508000 ? lock_is_held_type+0xd7/0x130 ? __kmem_cache_alloc_node+0x1c2/0x2b0 ? lock_is_held_type+0xd7/0x130 ? 0xffffffffc4508000 do_one_initcall+0xd0/0x4f0 ... do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 CVE-2022-49827 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49827.html CVE-2022-49827 https://bugzilla.suse.com/1242689 SUSE Bug 1242689 In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt added by device_get() in drm_dev_init() won't be put by drm_dev_init_release(), which leads to the memleak. Use drmm_add_action_or_reset() instead of drmm_add_action() to prevent memleak. unreferenced object 0xffff88810bc0c800 (size 2048): comm "modprobe", pid 8322, jiffies 4305809845 (age 15.292s) hex dump (first 32 bytes): e8 cc c0 0b 81 88 ff ff ff ff ff ff 00 00 00 00 ................ 20 24 3c 0c 81 88 ff ff 18 c8 c0 0b 81 88 ff ff $<............. backtrace: [<000000007251f72d>] __kmalloc+0x4b/0x1c0 [<0000000045f21f26>] platform_device_alloc+0x2d/0xe0 [<000000004452a479>] platform_device_register_full+0x24/0x1c0 [<0000000089f4ea61>] 0xffffffffa0736051 [<00000000235b2441>] do_one_initcall+0x7a/0x380 [<0000000001a4a177>] do_init_module+0x5c/0x230 [<000000002bf8a8e2>] load_module+0x227d/0x2420 [<00000000637d6d0a>] __do_sys_finit_module+0xd5/0x140 [<00000000c99fc324>] do_syscall_64+0x3f/0x90 [<000000004d85aa77>] entry_SYSCALL_64_after_hwframe+0x63/0xcd CVE-2022-49830 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49830.html CVE-2022-49830 https://bugzilla.suse.com/1242150 SUSE Bug 1242150 In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL pointer. CVE-2022-49832 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49832.html CVE-2022-49832 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call 'kobject_put' to recycling resources. CVE-2022-49835 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49835.html CVE-2022-49835 https://bugzilla.suse.com/1242385 SUSE Bug 1242385 In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(), and sdevice is freed in siox_device_release(), set it to null in error path. CVE-2022-49836 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49836.html CVE-2022-49836 https://bugzilla.suse.com/1242355 SUSE Bug 1242355 In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : device_del+0x54/0x3d0 lr : device_del+0x37c/0x3d0 Call trace: device_del+0x54/0x3d0 attribute_container_class_device_del+0x28/0x38 transport_remove_classdev+0x6c/0x80 attribute_container_device_trigger+0x108/0x110 transport_remove_device+0x28/0x38 sas_phy_delete+0x30/0x60 [scsi_transport_sas] do_sas_phy_delete+0x6c/0x80 [scsi_transport_sas] device_for_each_child+0x68/0xb0 sas_remove_children+0x40/0x50 [scsi_transport_sas] sas_remove_host+0x20/0x38 [scsi_transport_sas] hisi_sas_remove+0x40/0x68 [hisi_sas_main] hisi_sas_v2_remove+0x20/0x30 [hisi_sas_v2_hw] platform_remove+0x2c/0x60 Fix this by checking and handling return value of transport_add_device() in sas_phy_add(). CVE-2022-49839 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49839.html CVE-2022-49839 https://bugzilla.suse.com/1242443 SUSE Bug 1242443 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49841 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49841.html CVE-2022-49841 https://bugzilla.suse.com/1242473 SUSE Bug 1242473 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49842 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49842.html CVE-2022-49842 https://bugzilla.suse.com/1242484 SUSE Bug 1242484 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49846 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49846.html CVE-2022-49846 https://bugzilla.suse.com/1242716 SUSE Bug 1242716 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49861 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49861.html CVE-2022-49861 https://bugzilla.suse.com/1242580 SUSE Bug 1242580 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49870 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49870.html CVE-2022-49870 https://bugzilla.suse.com/1242551 SUSE Bug 1242551 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49879 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49879.html CVE-2022-49879 https://bugzilla.suse.com/1242733 SUSE Bug 1242733 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49880 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49880.html CVE-2022-49880 https://bugzilla.suse.com/1242734 SUSE Bug 1242734 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49881 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49881.html CVE-2022-49881 https://bugzilla.suse.com/1242481 SUSE Bug 1242481 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49887 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49887.html CVE-2022-49887 https://bugzilla.suse.com/1242736 SUSE Bug 1242736 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49889 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49889.html CVE-2022-49889 https://bugzilla.suse.com/1242455 SUSE Bug 1242455 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49892 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49892.html CVE-2022-49892 https://bugzilla.suse.com/1242449 SUSE Bug 1242449 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49906 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49906.html CVE-2022-49906 https://bugzilla.suse.com/1242464 SUSE Bug 1242464 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49910 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49910.html CVE-2022-49910 https://bugzilla.suse.com/1242452 SUSE Bug 1242452 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49915 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49915.html CVE-2022-49915 https://bugzilla.suse.com/1242409 SUSE Bug 1242409 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49922 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49922.html CVE-2022-49922 https://bugzilla.suse.com/1242378 SUSE Bug 1242378 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2022-49927 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2022-49927.html CVE-2022-49927 https://bugzilla.suse.com/1242416 SUSE Bug 1242416 A deadlock flaw was found in the Linux kernel's BPF subsystem. This flaw allows a local user to potentially crash the system. CVE-2023-0160 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-0160.html CVE-2023-0160 https://bugzilla.suse.com/1209657 SUSE Bug 1209657 A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. CVE-2023-1990 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-1990.html CVE-2023-1990 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1210501 SUSE Bug 1210501 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. CVE-2023-47233 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-47233.html CVE-2023-47233 https://bugzilla.suse.com/1216702 SUSE Bug 1216702 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation. Add validation of the request structure pointer before dereference. CVE-2023-52508 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-52508.html CVE-2023-52508 https://bugzilla.suse.com/1221015 SUSE Bug 1221015 In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. CVE-2023-52591 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-52591.html CVE-2023-52591 https://bugzilla.suse.com/1221044 SUSE Bug 1221044 https://bugzilla.suse.com/1221578 SUSE Bug 1221578 https://bugzilla.suse.com/1221598 SUSE Bug 1221598 In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary. CVE-2023-52654 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-52654.html CVE-2023-52654 https://bugzilla.suse.com/1224099 SUSE Bug 1224099 In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp_dev. If ish_probe() fails, the devm-managed device resources including ishtp_dev are freed, but the work is not cancelled, causing a use-after-free when the work function tries to access ishtp_dev. Use devm_work_autocancel() instead, so that the work is automatically cancelled if probe fails. CVE-2023-53039 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-53039.html CVE-2023-53039 https://bugzilla.suse.com/1242745 SUSE Bug 1242745 https://bugzilla.suse.com/1242880 SUSE Bug 1242880 In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons so we can avoid the use-after-free bug is DFS cache refresher and other places that require IPCs to get new DFS referrals on. Also, get rid of mount group handling in DFS cache as we no longer need it. This fixes below use-after-free bug catched by KASAN [ 379.946955] BUG: KASAN: use-after-free in __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.947642] Read of size 8 at addr ffff888018f57030 by task kworker/u4:3/56 [ 379.948096] [ 379.948208] CPU: 0 PID: 56 Comm: kworker/u4:3 Not tainted 6.2.0-rc7-lku #23 [ 379.948661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552-rebuilt.opensuse.org 04/01/2014 [ 379.949368] Workqueue: cifs-dfscache refresh_cache_worker [cifs] [ 379.949942] Call Trace: [ 379.950113] <TASK> [ 379.950260] dump_stack_lvl+0x50/0x67 [ 379.950510] print_report+0x16a/0x48e [ 379.950759] ? __virt_addr_valid+0xd8/0x160 [ 379.951040] ? __phys_addr+0x41/0x80 [ 379.951285] kasan_report+0xdb/0x110 [ 379.951533] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.952056] ? __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.952585] __refresh_tcon.isra.0+0x10b/0xc10 [cifs] [ 379.953096] ? __pfx___refresh_tcon.isra.0+0x10/0x10 [cifs] [ 379.953637] ? __pfx___mutex_lock+0x10/0x10 [ 379.953915] ? lock_release+0xb6/0x720 [ 379.954167] ? __pfx_lock_acquire+0x10/0x10 [ 379.954443] ? refresh_cache_worker+0x34e/0x6d0 [cifs] [ 379.954960] ? __pfx_wb_workfn+0x10/0x10 [ 379.955239] refresh_cache_worker+0x4ad/0x6d0 [cifs] [ 379.955755] ? __pfx_refresh_cache_worker+0x10/0x10 [cifs] [ 379.956323] ? __pfx_lock_acquired+0x10/0x10 [ 379.956615] ? read_word_at_a_time+0xe/0x20 [ 379.956898] ? lockdep_hardirqs_on_prepare+0x12/0x220 [ 379.957235] process_one_work+0x535/0x990 [ 379.957509] ? __pfx_process_one_work+0x10/0x10 [ 379.957812] ? lock_acquired+0xb7/0x5f0 [ 379.958069] ? __list_add_valid+0x37/0xd0 [ 379.958341] ? __list_add_valid+0x37/0xd0 [ 379.958611] worker_thread+0x8e/0x630 [ 379.958861] ? __pfx_worker_thread+0x10/0x10 [ 379.959148] kthread+0x17d/0x1b0 [ 379.959369] ? __pfx_kthread+0x10/0x10 [ 379.959630] ret_from_fork+0x2c/0x50 [ 379.959879] </TASK> CVE-2023-53052 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-53052.html CVE-2023-53052 https://bugzilla.suse.com/1242749 SUSE Bug 1242749 https://bugzilla.suse.com/1242881 SUSE Bug 1242881 In the Linux kernel, the following vulnerability has been resolved: nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition This bug influences both st_nci_i2c_remove and st_nci_spi_remove. Take st_nci_i2c_remove as an example. In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work with llt_ndlc_sm_work. When it calls ndlc_recv or timeout handler, it will finally call schedule_work to start the work. When we call st_nci_i2c_remove to remove the driver, there may be a sequence as follows: Fix it by finishing the work before cleanup in ndlc_remove CPU0 CPU1 |llt_ndlc_sm_work st_nci_i2c_remove | ndlc_remove | st_nci_remove | nci_free_device| kfree(ndev) | //free ndlc->ndev | |llt_ndlc_rcv_queue |nci_recv_frame |//use ndlc->ndev CVE-2023-53106 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-53106.html CVE-2023-53106 https://bugzilla.suse.com/1242215 SUSE Bug 1242215 A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. CVE-2023-6531 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2023-6531.html CVE-2023-6531 https://bugzilla.suse.com/1218447 SUSE Bug 1218447 https://bugzilla.suse.com/1218487 SUSE Bug 1218487 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.gov/vuln/detail/CVE-2023-47233 In brcm80211 driver,it starts with the following invoking chain to start init a timeout worker: ->brcmf_usb_probe ->brcmf_usb_probe_cb ->brcmf_attach ->brcmf_bus_started ->brcmf_cfg80211_attach ->wl_init_priv ->brcmf_init_escan ->INIT_WORK(&cfg->escan_timeout_work, brcmf_cfg80211_escan_timeout_worker); If we disconnect the USB by hotplug, it will call brcmf_usb_disconnect to make cleanup. The invoking chain is : brcmf_usb_disconnect ->brcmf_usb_disconnect_cb ->brcmf_detach ->brcmf_cfg80211_detach ->kfree(cfg); While the timeout woker may still be running. This will cause a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker. Fix it by deleting the timer and canceling the worker in brcmf_cfg80211_detach. [arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free] CVE-2024-35811 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2024-35811.html CVE-2024-35811 https://bugzilla.suse.com/1224592 SUSE Bug 1224592 In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any interrupt context, locks taken during a map_delete_elem operation must be hardirq-safe. Otherwise a deadlock due to lock inversion is possible, as reported by lockdep: CPU0 CPU1 ---- ---- lock(&htab->buckets[i].lock); local_irq_disable(); lock(&host->lock); lock(&htab->buckets[i].lock); <Interrupt> lock(&host->lock); Locks in sockmap are hardirq-unsafe by design. We expects elements to be deleted from sockmap/sockhash only in task (normal) context with interrupts enabled, or in softirq context. Detect when map_delete_elem operation is invoked from a context which is _not_ hardirq-unsafe, that is interrupts are disabled, and bail out with an error. Note that map updates are not affected by this issue. BPF verifier does not allow updating sockmap/sockhash from a BPF tracing program today. CVE-2024-35895 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2024-35895.html CVE-2024-35895 https://bugzilla.suse.com/1224511 SUSE Bug 1224511 In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parents having no common ancestor") added an error bail out path. However this path does not drop the remount protection that has been acquired. Fix the cleanup path to properly drop the remount protection. CVE-2024-35914 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2024-35914.html CVE-2024-35914 https://bugzilla.suse.com/1224482 SUSE Bug 1224482 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity. CVE-2024-46814 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2024-46814.html CVE-2024-46814 https://bugzilla.suse.com/1231193 SUSE Bug 1231193 https://bugzilla.suse.com/1231194 SUSE Bug 1231194 In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: <IRQ> dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242 RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000 R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0 default_idle_call+0x6b/0xa0 cpuidle_idle_call+0x1af/0x1f0 do_idle+0xbc/0x130 cpu_startup_entry+0x33/0x40 rest_init+0x11f/0x210 start_kernel+0x39a/0x420 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x97/0xa0 common_startup_64+0x13e/0x141 </TASK> Allocated by task 595: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x87/0x90 kmem_cache_alloc_noprof+0x12b/0x3f0 copy_net_ns+0x94/0x380 create_new_namespaces+0x24c/0x500 unshare_nsproxy_namespaces+0x75/0xf0 ksys_unshare+0x24e/0x4f0 __x64_sys_unshare+0x1f/0x30 do_syscall_64+0x70/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 100: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x54/0x70 kmem_cache_free+0x156/0x5d0 cleanup_net+0x5d3/0x670 process_one_work+0x776/0xa90 worker_thread+0x2e2/0x560 kthread+0x1a8/0x1f0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Reproduction script: mkdir -p /mnt/nfsshare mkdir -p /mnt/nfs/netns_1 mkfs.ext4 /dev/sdb mount /dev/sdb /mnt/nfsshare systemctl restart nfs-server chmod 777 /mnt/nfsshare exportfs -i -o rw,no_root_squash *:/mnt/nfsshare ip netns add netns_1 ip link add name veth_1_peer type veth peer veth_1 ifconfig veth_1_peer 11.11.0.254 up ip link set veth_1 netns netns_1 ip netns exec netns_1 ifconfig veth_1 11.11.0.1 ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \ --tcp-flags FIN FIN -j DROP (note: In my environment, a DESTROY_CLIENTID operation is always sent immediately, breaking the nfs tcp connection.) ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \ 11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1 ip netns del netns_1 The reason here is that the tcp socket in netns_1 (nfs side) has been shutdown and closed (done in xs_destroy), but the FIN message (with ack) is discarded, and the nfsd side keeps sending retransmission messages. As a result, when the tcp sock in netns_1 processes the received message, it sends the message (FIN message) in the sending queue, and the tcp timer is re-established. When the network namespace is deleted, the net structure accessed by tcp's timer handler function causes problems. To fix this problem, let's hold netns refcnt for the tcp kernel socket as done in other modules. This is an ugly hack which can easily be backported to earlier kernels. A proper fix which cleans up the interfaces will follow, but may not be so easy to backport. CVE-2024-53168 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2024-53168.html CVE-2024-53168 https://bugzilla.suse.com/1234887 SUSE Bug 1234887 https://bugzilla.suse.com/1243650 SUSE Bug 1243650 In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e CVE-2024-56558 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2024-56558.html CVE-2024-56558 https://bugzilla.suse.com/1235100 SUSE Bug 1235100 https://bugzilla.suse.com/1243648 SUSE Bug 1243648 In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible circular locking dependency detected 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Not tainted ------------------------------------------------------ syz.5.1818/12806 is trying to acquire lock: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680 but task is already holding lock: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline] ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (sk_lock-AF_AX25){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 lock_sock_nested+0x48/0x100 net/core/sock.c:3642 lock_sock include/net/sock.h:1618 [inline] ax25_kill_by_device net/ax25/af_ax25.c:101 [inline] ax25_device_event+0x24d/0x580 net/ax25/af_ax25.c:146 notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85 __dev_notify_flags+0x207/0x400 dev_change_flags+0xf0/0x1a0 net/core/dev.c:9026 dev_ifsioc+0x7c8/0xe70 net/core/dev_ioctl.c:563 dev_ioctl+0x719/0x1340 net/core/dev_ioctl.c:820 sock_do_ioctl+0x240/0x460 net/socket.c:1234 sock_ioctl+0x626/0x8e0 net/socket.c:1339 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:906 [inline] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (rtnl_mutex){+.+.}-{4:4}: check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/locking/lockdep.c:3280 [inline] validate_chain+0x18ef/0x5920 kernel/locking/lockdep.c:3904 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735 ax25_setsockopt+0xa55/0xe90 net/ax25/af_ax25.c:680 do_sock_setsockopt+0x3af/0x720 net/socket.c:2324 __sys_setsockopt net/socket.c:2349 [inline] __do_sys_setsockopt net/socket.c:2355 [inline] __se_sys_setsockopt net/socket.c:2352 [inline] __x64_sys_setsockopt+0x1ee/0x280 net/socket.c:2352 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(sk_lock-AF_AX25); lock(rtnl_mutex); lock(sk_lock-AF_AX25); lock(rtnl_mutex); *** DEADLOCK *** 1 lock held by syz.5.1818/12806: #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1618 [inline] #0: ffff8880617ac258 (sk_lock-AF_AX25){+.+.}-{0:0}, at: ax25_setsockopt+0x209/0xe90 net/ax25/af_ax25.c:574 stack backtrace: CPU: 1 UID: 0 PID: 12806 Comm: syz.5.1818 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_circular_bug+0x13a/0x1b0 kernel/locking/lockdep.c:2074 check_noncircular+0x36a/0x4a0 kernel/locking/lockdep.c:2206 check_prev_add kernel/locking/lockdep.c:3161 [inline] check_prevs_add kernel/lockin ---truncated--- CVE-2025-21812 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2025-21812.html CVE-2025-21812 https://bugzilla.suse.com/1238471 SUSE Bug 1238471 https://bugzilla.suse.com/1240736 SUSE Bug 1240736 In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. use_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops never changes so information necessary for inode instantiation can be saved _before_ proc_register() in PDE itself and used later, avoiding pde->proc_ops->... dereference. rmmod lookup sys_delete_module proc_lookup_de pde_get(de); proc_get_inode(dir->i_sb, de); mod->exit() proc_remove remove_proc_subtree proc_entry_rundown(de); free_module(mod); if (S_ISREG(inode->i_mode)) if (de->proc_ops->proc_read_iter) --> As module is already freed, will trigger UAF BUG: unable to handle page fault for address: fffffbfff80a702b PGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:proc_get_inode+0x302/0x6e0 RSP: 0018:ffff88811c837998 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007 RDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158 RBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20 R10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0 R13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001 FS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_lookup_de+0x11f/0x2e0 __lookup_slow+0x188/0x350 walk_component+0x2ab/0x4f0 path_lookupat+0x120/0x660 filename_lookup+0x1ce/0x560 vfs_statx+0xac/0x150 __do_sys_newstat+0x96/0x110 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e [adobriyan@gmail.com: don't do 2 atomic ops on the common path] CVE-2025-21999 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2025-21999.html CVE-2025-21999 https://bugzilla.suse.com/1240802 SUSE Bug 1240802 https://bugzilla.suse.com/1242579 SUSE Bug 1242579 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. CVE-2025-37789 SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.1:kernel-source-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.211.1 SUSE Linux Enterprise Micro 5.2:kernel-source-rt-5.3.18-150300.211.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1/ https://www.suse.com/security/cve/CVE-2025-37789.html CVE-2025-37789 https://bugzilla.suse.com/1242762 SUSE Bug 1242762