Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02334-1 Final 1 1 2025-07-16T13:46:06Z current 2025-07-16T13:46:06Z 2025-07-16T13:46:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47212: net/mlx5: Update error handler for UCTX and UMEM (bsc#1222709). - CVE-2021-47455: ptp: Fix possible memory leak in ptp_clock_register() (bsc#1225254). - CVE-2021-47527: serial: core: fix transmit-buffer reset and memleak (bsc#1227768). - CVE-2022-21546: scsi: target: Fix WRITE_SAME No Data Buffer crash (bsc#1242243). - CVE-2022-49154: KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167). - CVE-2022-49622: netfilter: nf_tables: fix crash when nf_trace is enabled (bsc#1239042). - CVE-2022-49731: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (bsc#1239071). - CVE-2022-49764: kABI: workaround 'bpf: Prevent bpf program recursion for raw tracepoint probes' changes (bsc#1242301). - CVE-2022-49780: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() (bsc#1242262). - CVE-2022-49814: kcm: close race conditions on sk_receive_queue (bsc#1242498). - CVE-2022-49879: ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1242733). - CVE-2022-49881: wifi: cfg80211: fix memory leak in query_regdb_file() (bsc#1242481). - CVE-2022-49917: ipvs: fix WARNING in ip_vs_app_net_cleanup() (bsc#1242406). - CVE-2022-49921: net: sched: Fix use after free in red_enqueue() (bsc#1242359). - CVE-2022-50055: iavf: Fix adminq error handling (bsc#1245039). - CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119). - CVE-2022-50134: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (bsc#1244802). - CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2023-53020: l2tp: fix lockdep splat (bsc#1240224). - CVE-2023-53090: drm/amdkfd: Fix an illegal memory access (bsc#1242753). - CVE-2023-53091: ext4: update s_journal_inum if it changes after journal replay (bsc#1242767). - CVE-2023-53133: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (bsc#1242423). - CVE-2024-26586: mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243). - CVE-2024-26825: nfc: nci: free rx_data_reassembly skb on NCI device cleanup (bsc#1223065). - CVE-2024-26872: RDMA/srpt: Do not register event handler until srpt device is fully setup (bsc#1223115). - CVE-2024-26875: media: pvrusb2: fix uaf in pvr2_context_set_notify (bsc#1223118). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-38588: ftrace: Fix possible use-after-free issue in ftrace_location() (bsc#1226837). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-23149: tpm: do not start chip while suspended (bsc#1242758). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37781: i2c: cros-ec-tunnel: defer probe if parent EC is not present (bsc#1242575). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37810: usb: dwc3: gadget: check that event count does not exceed event buffer length (bsc#1242906). - CVE-2025-37836: PCI: Fix reference leak in pci_register_host_bridge() (bsc#1242957). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37892: mtd: inftlcore: Add error check for inftl_read_oob() (bsc#1243536). - CVE-2025-37911: bnxt_en: Fix out-of-bound memcpy() during ethtool -w (bsc#1243469). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37928: dm-bufio: do not schedule in atomic context (bsc#1243621). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37980: block: fix resource leak in blk_register_queue() error path (bsc#1243522). - CVE-2025-37982: wifi: wl1251: fix memory leak in wl1251_tx_work (bsc#1243524). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38004: can: bcm: add locking for bcm_op runtime updates (bsc#1244274). - CVE-2025-38023: nfs: handle failure of nfs_get_lock_context in unlock path (bsc#1245004). - CVE-2025-38024: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (bsc#1245025). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). - CVE-2025-38078: ALSA: pcm: Fix race of buffer access at PCM OSS layer (bsc#1244737). - CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183). The following non-security bugs were fixed: - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (bsc#1226837). - ftrace: Return the first found result in lookup_rec() (bsc#1226837). - ftrace: Separate out functionality from ftrace_location_range() (bsc#1226837). - ftrace: Zero out ftrace hashes when a module is removed (bsc#1226837). - mnt: fix __detach_mounts infinite loop (bsc#1242140). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - netfilter: nf_tables: consolidate rule verdict trace call (bsc#1239042). - netfilter: nf_tables: remove old nf_log based tracing (bsc#1239042). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455). - tracing: Fix compilation warning on arm32 (bsc#1243551). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2334,SUSE-SLE-Live-Patching-12-SP5-2025-2334,SUSE-SLE-SERVER-12-SP5-LTSS-2025-2334,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-2334 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ Link for SUSE-SU-2025:02334-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040737.html E-Mail link for SUSE-SU-2025:02334-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1154048 SUSE Bug 1154048 https://bugzilla.suse.com/1190317 SUSE Bug 1190317 https://bugzilla.suse.com/1199487 SUSE Bug 1199487 https://bugzilla.suse.com/1201958 SUSE Bug 1201958 https://bugzilla.suse.com/1202095 SUSE Bug 1202095 https://bugzilla.suse.com/1202716 SUSE Bug 1202716 https://bugzilla.suse.com/1203254 SUSE Bug 1203254 https://bugzilla.suse.com/1205220 SUSE Bug 1205220 https://bugzilla.suse.com/1205514 SUSE Bug 1205514 https://bugzilla.suse.com/1206664 SUSE Bug 1206664 https://bugzilla.suse.com/1206878 SUSE Bug 1206878 https://bugzilla.suse.com/1206880 SUSE Bug 1206880 https://bugzilla.suse.com/1208542 SUSE Bug 1208542 https://bugzilla.suse.com/1210336 SUSE Bug 1210336 https://bugzilla.suse.com/1211226 SUSE Bug 1211226 https://bugzilla.suse.com/1212051 SUSE Bug 1212051 https://bugzilla.suse.com/1218184 SUSE Bug 1218184 https://bugzilla.suse.com/1220243 SUSE Bug 1220243 https://bugzilla.suse.com/1220883 SUSE Bug 1220883 https://bugzilla.suse.com/1222709 SUSE Bug 1222709 https://bugzilla.suse.com/1223065 SUSE Bug 1223065 https://bugzilla.suse.com/1223115 SUSE Bug 1223115 https://bugzilla.suse.com/1223118 SUSE Bug 1223118 https://bugzilla.suse.com/1224712 SUSE Bug 1224712 https://bugzilla.suse.com/1224726 SUSE Bug 1224726 https://bugzilla.suse.com/1225254 SUSE Bug 1225254 https://bugzilla.suse.com/1225839 SUSE Bug 1225839 https://bugzilla.suse.com/1226837 SUSE Bug 1226837 https://bugzilla.suse.com/1227768 SUSE Bug 1227768 https://bugzilla.suse.com/1228659 SUSE Bug 1228659 https://bugzilla.suse.com/1231293 SUSE Bug 1231293 https://bugzilla.suse.com/1234454 SUSE Bug 1234454 https://bugzilla.suse.com/1237312 SUSE Bug 1237312 https://bugzilla.suse.com/1237913 SUSE Bug 1237913 https://bugzilla.suse.com/1238167 SUSE Bug 1238167 https://bugzilla.suse.com/1238275 SUSE Bug 1238275 https://bugzilla.suse.com/1238303 SUSE Bug 1238303 https://bugzilla.suse.com/1238570 SUSE Bug 1238570 https://bugzilla.suse.com/1239042 SUSE Bug 1239042 https://bugzilla.suse.com/1239071 SUSE Bug 1239071 https://bugzilla.suse.com/1239644 SUSE Bug 1239644 https://bugzilla.suse.com/1239986 SUSE Bug 1239986 https://bugzilla.suse.com/1240224 SUSE Bug 1240224 https://bugzilla.suse.com/1240610 SUSE Bug 1240610 https://bugzilla.suse.com/1240686 SUSE Bug 1240686 https://bugzilla.suse.com/1240785 SUSE Bug 1240785 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 https://bugzilla.suse.com/1241038 SUSE Bug 1241038 https://bugzilla.suse.com/1241544 SUSE Bug 1241544 https://bugzilla.suse.com/1242140 SUSE Bug 1242140 https://bugzilla.suse.com/1242154 SUSE Bug 1242154 https://bugzilla.suse.com/1242216 SUSE Bug 1242216 https://bugzilla.suse.com/1242243 SUSE Bug 1242243 https://bugzilla.suse.com/1242262 SUSE Bug 1242262 https://bugzilla.suse.com/1242281 SUSE Bug 1242281 https://bugzilla.suse.com/1242301 SUSE Bug 1242301 https://bugzilla.suse.com/1242359 SUSE Bug 1242359 https://bugzilla.suse.com/1242406 SUSE Bug 1242406 https://bugzilla.suse.com/1242423 SUSE Bug 1242423 https://bugzilla.suse.com/1242481 SUSE Bug 1242481 https://bugzilla.suse.com/1242498 SUSE Bug 1242498 https://bugzilla.suse.com/1242504 SUSE Bug 1242504 https://bugzilla.suse.com/1242515 SUSE Bug 1242515 https://bugzilla.suse.com/1242521 SUSE Bug 1242521 https://bugzilla.suse.com/1242575 SUSE Bug 1242575 https://bugzilla.suse.com/1242733 SUSE Bug 1242733 https://bugzilla.suse.com/1242753 SUSE Bug 1242753 https://bugzilla.suse.com/1242758 SUSE Bug 1242758 https://bugzilla.suse.com/1242767 SUSE Bug 1242767 https://bugzilla.suse.com/1242778 SUSE Bug 1242778 https://bugzilla.suse.com/1242849 SUSE Bug 1242849 https://bugzilla.suse.com/1242906 SUSE Bug 1242906 https://bugzilla.suse.com/1242946 SUSE Bug 1242946 https://bugzilla.suse.com/1242957 SUSE Bug 1242957 https://bugzilla.suse.com/1242982 SUSE Bug 1242982 https://bugzilla.suse.com/1243047 SUSE Bug 1243047 https://bugzilla.suse.com/1243469 SUSE Bug 1243469 https://bugzilla.suse.com/1243522 SUSE Bug 1243522 https://bugzilla.suse.com/1243523 SUSE Bug 1243523 https://bugzilla.suse.com/1243524 SUSE Bug 1243524 https://bugzilla.suse.com/1243536 SUSE Bug 1243536 https://bugzilla.suse.com/1243551 SUSE Bug 1243551 https://bugzilla.suse.com/1243620 SUSE Bug 1243620 https://bugzilla.suse.com/1243621 SUSE Bug 1243621 https://bugzilla.suse.com/1243698 SUSE Bug 1243698 https://bugzilla.suse.com/1243827 SUSE Bug 1243827 https://bugzilla.suse.com/1243836 SUSE Bug 1243836 https://bugzilla.suse.com/1244241 SUSE Bug 1244241 https://bugzilla.suse.com/1244274 SUSE Bug 1244274 https://bugzilla.suse.com/1244277 SUSE Bug 1244277 https://bugzilla.suse.com/1244317 SUSE Bug 1244317 https://bugzilla.suse.com/1244337 SUSE Bug 1244337 https://bugzilla.suse.com/1244737 SUSE Bug 1244737 https://bugzilla.suse.com/1244743 SUSE Bug 1244743 https://bugzilla.suse.com/1244783 SUSE Bug 1244783 https://bugzilla.suse.com/1244786 SUSE Bug 1244786 https://bugzilla.suse.com/1244788 SUSE Bug 1244788 https://bugzilla.suse.com/1244802 SUSE Bug 1244802 https://bugzilla.suse.com/1244813 SUSE Bug 1244813 https://bugzilla.suse.com/1244820 SUSE Bug 1244820 https://bugzilla.suse.com/1244836 SUSE Bug 1244836 https://bugzilla.suse.com/1244838 SUSE Bug 1244838 https://bugzilla.suse.com/1244839 SUSE Bug 1244839 https://bugzilla.suse.com/1244841 SUSE Bug 1244841 https://bugzilla.suse.com/1244842 SUSE Bug 1244842 https://bugzilla.suse.com/1244845 SUSE Bug 1244845 https://bugzilla.suse.com/1244848 SUSE Bug 1244848 https://bugzilla.suse.com/1244849 SUSE Bug 1244849 https://bugzilla.suse.com/1244851 SUSE Bug 1244851 https://bugzilla.suse.com/1244867 SUSE Bug 1244867 https://bugzilla.suse.com/1244884 SUSE Bug 1244884 https://bugzilla.suse.com/1244885 SUSE Bug 1244885 https://bugzilla.suse.com/1244886 SUSE Bug 1244886 https://bugzilla.suse.com/1244901 SUSE Bug 1244901 https://bugzilla.suse.com/1244936 SUSE Bug 1244936 https://bugzilla.suse.com/1244948 SUSE Bug 1244948 https://bugzilla.suse.com/1244966 SUSE Bug 1244966 https://bugzilla.suse.com/1244967 SUSE Bug 1244967 https://bugzilla.suse.com/1244968 SUSE Bug 1244968 https://bugzilla.suse.com/1244969 SUSE Bug 1244969 https://bugzilla.suse.com/1244976 SUSE Bug 1244976 https://bugzilla.suse.com/1244978 SUSE Bug 1244978 https://bugzilla.suse.com/1244984 SUSE Bug 1244984 https://bugzilla.suse.com/1244986 SUSE Bug 1244986 https://bugzilla.suse.com/1244992 SUSE Bug 1244992 https://bugzilla.suse.com/1245004 SUSE Bug 1245004 https://bugzilla.suse.com/1245009 SUSE Bug 1245009 https://bugzilla.suse.com/1245024 SUSE Bug 1245024 https://bugzilla.suse.com/1245025 SUSE Bug 1245025 https://bugzilla.suse.com/1245039 SUSE Bug 1245039 https://bugzilla.suse.com/1245047 SUSE Bug 1245047 https://bugzilla.suse.com/1245057 SUSE Bug 1245057 https://bugzilla.suse.com/1245117 SUSE Bug 1245117 https://bugzilla.suse.com/1245119 SUSE Bug 1245119 https://bugzilla.suse.com/1245125 SUSE Bug 1245125 https://bugzilla.suse.com/1245129 SUSE Bug 1245129 https://bugzilla.suse.com/1245131 SUSE Bug 1245131 https://bugzilla.suse.com/1245138 SUSE Bug 1245138 https://bugzilla.suse.com/1245140 SUSE Bug 1245140 https://bugzilla.suse.com/1245147 SUSE Bug 1245147 https://bugzilla.suse.com/1245149 SUSE Bug 1245149 https://bugzilla.suse.com/1245152 SUSE Bug 1245152 https://bugzilla.suse.com/1245183 SUSE Bug 1245183 https://bugzilla.suse.com/1245195 SUSE Bug 1245195 https://bugzilla.suse.com/1245348 SUSE Bug 1245348 https://bugzilla.suse.com/1245440 SUSE Bug 1245440 https://bugzilla.suse.com/1245455 SUSE Bug 1245455 https://www.suse.com/security/cve/CVE-2021-43527/ SUSE CVE CVE-2021-43527 page https://www.suse.com/security/cve/CVE-2021-47212/ SUSE CVE CVE-2021-47212 page https://www.suse.com/security/cve/CVE-2021-47455/ SUSE CVE CVE-2021-47455 page https://www.suse.com/security/cve/CVE-2022-1679/ SUSE CVE CVE-2022-1679 page https://www.suse.com/security/cve/CVE-2022-21546/ SUSE CVE CVE-2022-21546 page https://www.suse.com/security/cve/CVE-2022-2586/ SUSE CVE CVE-2022-2586 page https://www.suse.com/security/cve/CVE-2022-3903/ SUSE CVE CVE-2022-3903 page https://www.suse.com/security/cve/CVE-2022-4095/ SUSE CVE CVE-2022-4095 page https://www.suse.com/security/cve/CVE-2022-4662/ SUSE CVE CVE-2022-4662 page https://www.suse.com/security/cve/CVE-2022-49154/ SUSE CVE CVE-2022-49154 page https://www.suse.com/security/cve/CVE-2022-49622/ SUSE CVE CVE-2022-49622 page https://www.suse.com/security/cve/CVE-2022-49731/ SUSE CVE CVE-2022-49731 page https://www.suse.com/security/cve/CVE-2022-49764/ SUSE CVE CVE-2022-49764 page https://www.suse.com/security/cve/CVE-2022-49780/ SUSE CVE CVE-2022-49780 page https://www.suse.com/security/cve/CVE-2022-49814/ SUSE CVE CVE-2022-49814 page https://www.suse.com/security/cve/CVE-2022-49879/ SUSE CVE CVE-2022-49879 page https://www.suse.com/security/cve/CVE-2022-49881/ SUSE CVE CVE-2022-49881 page https://www.suse.com/security/cve/CVE-2022-49917/ SUSE CVE CVE-2022-49917 page https://www.suse.com/security/cve/CVE-2022-49921/ SUSE CVE CVE-2022-49921 page https://www.suse.com/security/cve/CVE-2022-49936/ SUSE CVE CVE-2022-49936 page https://www.suse.com/security/cve/CVE-2022-49937/ SUSE CVE CVE-2022-49937 page https://www.suse.com/security/cve/CVE-2022-49938/ SUSE CVE CVE-2022-49938 page https://www.suse.com/security/cve/CVE-2022-49954/ SUSE CVE CVE-2022-49954 page https://www.suse.com/security/cve/CVE-2022-49956/ SUSE CVE CVE-2022-49956 page https://www.suse.com/security/cve/CVE-2022-49957/ SUSE CVE CVE-2022-49957 page https://www.suse.com/security/cve/CVE-2022-49977/ SUSE CVE CVE-2022-49977 page https://www.suse.com/security/cve/CVE-2022-49978/ SUSE CVE CVE-2022-49978 page https://www.suse.com/security/cve/CVE-2022-49986/ SUSE CVE CVE-2022-49986 page https://www.suse.com/security/cve/CVE-2022-49987/ SUSE CVE CVE-2022-49987 page https://www.suse.com/security/cve/CVE-2022-49990/ SUSE CVE CVE-2022-49990 page https://www.suse.com/security/cve/CVE-2022-50008/ SUSE CVE CVE-2022-50008 page https://www.suse.com/security/cve/CVE-2022-50012/ SUSE CVE CVE-2022-50012 page https://www.suse.com/security/cve/CVE-2022-50020/ SUSE CVE CVE-2022-50020 page https://www.suse.com/security/cve/CVE-2022-50022/ SUSE CVE CVE-2022-50022 page https://www.suse.com/security/cve/CVE-2022-50045/ SUSE CVE CVE-2022-50045 page https://www.suse.com/security/cve/CVE-2022-50055/ SUSE CVE CVE-2022-50055 page https://www.suse.com/security/cve/CVE-2022-50065/ SUSE CVE CVE-2022-50065 page https://www.suse.com/security/cve/CVE-2022-50067/ SUSE CVE CVE-2022-50067 page https://www.suse.com/security/cve/CVE-2022-50073/ SUSE CVE CVE-2022-50073 page https://www.suse.com/security/cve/CVE-2022-50083/ SUSE CVE CVE-2022-50083 page https://www.suse.com/security/cve/CVE-2022-50084/ SUSE CVE CVE-2022-50084 page https://www.suse.com/security/cve/CVE-2022-50085/ SUSE CVE CVE-2022-50085 page https://www.suse.com/security/cve/CVE-2022-50087/ SUSE CVE CVE-2022-50087 page https://www.suse.com/security/cve/CVE-2022-50091/ SUSE CVE CVE-2022-50091 page https://www.suse.com/security/cve/CVE-2022-50092/ SUSE CVE CVE-2022-50092 page https://www.suse.com/security/cve/CVE-2022-50093/ SUSE CVE CVE-2022-50093 page https://www.suse.com/security/cve/CVE-2022-50094/ SUSE CVE CVE-2022-50094 page https://www.suse.com/security/cve/CVE-2022-50097/ SUSE CVE CVE-2022-50097 page https://www.suse.com/security/cve/CVE-2022-50098/ SUSE CVE CVE-2022-50098 page https://www.suse.com/security/cve/CVE-2022-50099/ SUSE CVE CVE-2022-50099 page https://www.suse.com/security/cve/CVE-2022-50101/ SUSE CVE CVE-2022-50101 page https://www.suse.com/security/cve/CVE-2022-50102/ SUSE CVE CVE-2022-50102 page https://www.suse.com/security/cve/CVE-2022-50104/ SUSE CVE CVE-2022-50104 page https://www.suse.com/security/cve/CVE-2022-50109/ SUSE CVE CVE-2022-50109 page https://www.suse.com/security/cve/CVE-2022-50126/ SUSE CVE CVE-2022-50126 page https://www.suse.com/security/cve/CVE-2022-50134/ SUSE CVE CVE-2022-50134 page https://www.suse.com/security/cve/CVE-2022-50146/ SUSE CVE CVE-2022-50146 page https://www.suse.com/security/cve/CVE-2022-50152/ SUSE CVE CVE-2022-50152 page https://www.suse.com/security/cve/CVE-2022-50153/ SUSE CVE CVE-2022-50153 page https://www.suse.com/security/cve/CVE-2022-50173/ SUSE CVE CVE-2022-50173 page https://www.suse.com/security/cve/CVE-2022-50179/ SUSE CVE CVE-2022-50179 page https://www.suse.com/security/cve/CVE-2022-50181/ SUSE CVE CVE-2022-50181 page https://www.suse.com/security/cve/CVE-2022-50200/ SUSE CVE CVE-2022-50200 page https://www.suse.com/security/cve/CVE-2022-50206/ SUSE CVE CVE-2022-50206 page https://www.suse.com/security/cve/CVE-2022-50211/ SUSE CVE CVE-2022-50211 page https://www.suse.com/security/cve/CVE-2022-50213/ SUSE CVE CVE-2022-50213 page https://www.suse.com/security/cve/CVE-2022-50215/ SUSE CVE CVE-2022-50215 page https://www.suse.com/security/cve/CVE-2022-50220/ SUSE CVE CVE-2022-50220 page https://www.suse.com/security/cve/CVE-2023-1989/ SUSE CVE CVE-2023-1989 page https://www.suse.com/security/cve/CVE-2023-3111/ SUSE CVE CVE-2023-3111 page https://www.suse.com/security/cve/CVE-2023-52500/ SUSE CVE CVE-2023-52500 page https://www.suse.com/security/cve/CVE-2023-52927/ SUSE CVE CVE-2023-52927 page https://www.suse.com/security/cve/CVE-2023-53020/ SUSE CVE CVE-2023-53020 page https://www.suse.com/security/cve/CVE-2023-53063/ SUSE CVE CVE-2023-53063 page https://www.suse.com/security/cve/CVE-2023-53081/ SUSE CVE CVE-2023-53081 page https://www.suse.com/security/cve/CVE-2023-53090/ SUSE CVE CVE-2023-53090 page https://www.suse.com/security/cve/CVE-2023-53091/ SUSE CVE CVE-2023-53091 page https://www.suse.com/security/cve/CVE-2023-53133/ SUSE CVE CVE-2023-53133 page https://www.suse.com/security/cve/CVE-2023-53145/ SUSE CVE CVE-2023-53145 page https://www.suse.com/security/cve/CVE-2024-26586/ SUSE CVE CVE-2024-26586 page https://www.suse.com/security/cve/CVE-2024-26825/ SUSE CVE CVE-2024-26825 page https://www.suse.com/security/cve/CVE-2024-26872/ SUSE CVE CVE-2024-26872 page https://www.suse.com/security/cve/CVE-2024-26875/ SUSE CVE CVE-2024-26875 page https://www.suse.com/security/cve/CVE-2024-35790/ SUSE CVE CVE-2024-35790 page https://www.suse.com/security/cve/CVE-2024-35839/ SUSE CVE CVE-2024-35839 page https://www.suse.com/security/cve/CVE-2024-36959/ SUSE CVE CVE-2024-36959 page https://www.suse.com/security/cve/CVE-2024-38588/ SUSE CVE CVE-2024-38588 page https://www.suse.com/security/cve/CVE-2024-57982/ SUSE CVE CVE-2024-57982 page https://www.suse.com/security/cve/CVE-2025-21898/ SUSE CVE CVE-2025-21898 page https://www.suse.com/security/cve/CVE-2025-21920/ SUSE CVE CVE-2025-21920 page https://www.suse.com/security/cve/CVE-2025-21971/ SUSE CVE CVE-2025-21971 page https://www.suse.com/security/cve/CVE-2025-22035/ SUSE CVE CVE-2025-22035 page https://www.suse.com/security/cve/CVE-2025-23149/ SUSE CVE CVE-2025-23149 page https://www.suse.com/security/cve/CVE-2025-37756/ SUSE CVE CVE-2025-37756 page https://www.suse.com/security/cve/CVE-2025-37757/ SUSE CVE CVE-2025-37757 page https://www.suse.com/security/cve/CVE-2025-37781/ SUSE CVE CVE-2025-37781 page https://www.suse.com/security/cve/CVE-2025-37800/ SUSE CVE CVE-2025-37800 page https://www.suse.com/security/cve/CVE-2025-37810/ SUSE CVE CVE-2025-37810 page https://www.suse.com/security/cve/CVE-2025-37836/ SUSE CVE CVE-2025-37836 page https://www.suse.com/security/cve/CVE-2025-37844/ SUSE CVE CVE-2025-37844 page https://www.suse.com/security/cve/CVE-2025-37862/ SUSE CVE CVE-2025-37862 page https://www.suse.com/security/cve/CVE-2025-37892/ SUSE CVE CVE-2025-37892 page https://www.suse.com/security/cve/CVE-2025-37911/ SUSE CVE CVE-2025-37911 page https://www.suse.com/security/cve/CVE-2025-37923/ SUSE CVE CVE-2025-37923 page https://www.suse.com/security/cve/CVE-2025-37927/ SUSE CVE CVE-2025-37927 page https://www.suse.com/security/cve/CVE-2025-37928/ SUSE CVE CVE-2025-37928 page https://www.suse.com/security/cve/CVE-2025-37961/ SUSE CVE CVE-2025-37961 page https://www.suse.com/security/cve/CVE-2025-37980/ SUSE CVE CVE-2025-37980 page https://www.suse.com/security/cve/CVE-2025-37982/ SUSE CVE CVE-2025-37982 page https://www.suse.com/security/cve/CVE-2025-37992/ SUSE CVE CVE-2025-37992 page https://www.suse.com/security/cve/CVE-2025-37995/ SUSE CVE CVE-2025-37995 page https://www.suse.com/security/cve/CVE-2025-37998/ SUSE CVE CVE-2025-37998 page https://www.suse.com/security/cve/CVE-2025-38000/ SUSE CVE CVE-2025-38000 page https://www.suse.com/security/cve/CVE-2025-38004/ SUSE CVE CVE-2025-38004 page https://www.suse.com/security/cve/CVE-2025-38023/ SUSE CVE CVE-2025-38023 page https://www.suse.com/security/cve/CVE-2025-38024/ SUSE CVE CVE-2025-38024 page https://www.suse.com/security/cve/CVE-2025-38061/ SUSE CVE CVE-2025-38061 page https://www.suse.com/security/cve/CVE-2025-38072/ SUSE CVE CVE-2025-38072 page https://www.suse.com/security/cve/CVE-2025-38078/ SUSE CVE CVE-2025-38078 page https://www.suse.com/security/cve/CVE-2025-38083/ SUSE CVE CVE-2025-38083 page SUSE Linux Enterprise Live Patching 12 SP5 SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 cluster-md-kmp-default-4.12.14-122.266.1 dlm-kmp-default-4.12.14-122.266.1 gfs2-kmp-default-4.12.14-122.266.1 kernel-default-4.12.14-122.266.1 kernel-default-base-4.12.14-122.266.1 kernel-default-devel-4.12.14-122.266.1 kernel-default-extra-4.12.14-122.266.1 kernel-default-kgraft-4.12.14-122.266.1 kernel-default-kgraft-devel-4.12.14-122.266.1 kernel-default-man-4.12.14-122.266.1 kernel-devel-4.12.14-122.266.1 kernel-docs-4.12.14-122.266.1 kernel-docs-html-4.12.14-122.266.1 kernel-kvmsmall-4.12.14-122.266.1 kernel-kvmsmall-base-4.12.14-122.266.1 kernel-kvmsmall-devel-4.12.14-122.266.1 kernel-macros-4.12.14-122.266.1 kernel-obs-build-4.12.14-122.266.1 kernel-obs-qa-4.12.14-122.266.1 kernel-source-4.12.14-122.266.1 kernel-source-vanilla-4.12.14-122.266.1 kernel-syms-4.12.14-122.266.1 kernel-vanilla-4.12.14-122.266.1 kernel-vanilla-base-4.12.14-122.266.1 kernel-vanilla-devel-4.12.14-122.266.1 kernel-zfcpdump-4.12.14-122.266.1 kernel-zfcpdump-man-4.12.14-122.266.1 kgraft-patch-4_12_14-122_266-default-1-8.5.1 kselftests-kmp-default-4.12.14-122.266.1 ocfs2-kmp-default-4.12.14-122.266.1 kernel-default-kgraft-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kernel-default-kgraft-devel-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_266-default-1-8.5.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 cluster-md-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS dlm-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS gfs2-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-base-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-devel-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-default-man-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-devel-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-macros-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-source-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS kernel-syms-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS ocfs2-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS cluster-md-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 dlm-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 gfs2-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-default-base-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-default-devel-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-devel-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-macros-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-source-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 kernel-syms-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 ocfs2-kmp-default-4.12.14-122.266.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. CVE-2021-43527 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2021-43527.html CVE-2021-43527 https://bugzilla.suse.com/1193170 SUSE Bug 1193170 https://bugzilla.suse.com/1193331 SUSE Bug 1193331 https://bugzilla.suse.com/1193378 SUSE Bug 1193378 https://bugzilla.suse.com/1194288 SUSE Bug 1194288 https://bugzilla.suse.com/1199301 SUSE Bug 1199301 https://bugzilla.suse.com/1225630 SUSE Bug 1225630 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy command is being executed, it should return MLX5_CMD_STAT_OK. Fix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK instead of EIO. This fixes a call trace in the umem release process - [ 2633.536695] Call Trace: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] disable_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary] [ 2633.544661] device_release_driver_internal+0x103/0x1f0 [ 2633.545679] bus_remove_device+0xf7/0x170 [ 2633.546640] device_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] ---[ end trace 10b4fe52945e544d ]--- CVE-2021-47212 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2021-47212.html CVE-2021-47212 https://bugzilla.suse.com/1222709 SUSE Bug 1222709 In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies 4294948083 (age 13.188s) hex dump (first 8 bytes): 70 74 70 30 00 00 00 00 ptp0.... backtrace: [<00000000312ed458>] __kmalloc_track_caller+0x19f/0x3a0 [<0000000079f6e2ff>] kvasprintf+0xb5/0x150 [<0000000026aae54f>] kvasprintf_const+0x60/0x190 [<00000000f323a5f7>] kobject_set_name_vargs+0x56/0x150 [<000000004e35abdd>] dev_set_name+0xc0/0x100 [<00000000f20cfe25>] ptp_clock_register+0x9f4/0xd30 [ptp] [<000000008bb9f0de>] idt82p33_probe.cold+0x8b6/0x1561 [ptp_idt82p33] When posix_clock_register() returns an error, the name allocated in dev_set_name() will be leaked, the put_device() should be used to give up the device reference, then the name will be freed in kobject_cleanup() and other memory will be freed in ptp_clock_release(). CVE-2021-47455 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2021-47455.html CVE-2021-47455 https://bugzilla.suse.com/1225254 SUSE Bug 1225254 A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2022-1679 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-1679.html CVE-2022-1679 https://bugzilla.suse.com/1199487 SUSE Bug 1199487 https://bugzilla.suse.com/1201080 SUSE Bug 1201080 https://bugzilla.suse.com/1201832 SUSE Bug 1201832 https://bugzilla.suse.com/1204132 SUSE Bug 1204132 https://bugzilla.suse.com/1212316 SUSE Bug 1212316 In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer. CVE-2022-21546 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-21546.html CVE-2022-21546 https://bugzilla.suse.com/1242243 SUSE Bug 1242243 It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. CVE-2022-2586 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-2586.html CVE-2022-2586 https://bugzilla.suse.com/1202095 SUSE Bug 1202095 https://bugzilla.suse.com/1209719 SUSE Bug 1209719 An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system. CVE-2022-3903 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-3903.html CVE-2022-3903 https://bugzilla.suse.com/1205220 SUSE Bug 1205220 https://bugzilla.suse.com/1212297 SUSE Bug 1212297 A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. CVE-2022-4095 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-4095.html CVE-2022-4095 https://bugzilla.suse.com/1205514 SUSE Bug 1205514 https://bugzilla.suse.com/1205594 SUSE Bug 1205594 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 https://bugzilla.suse.com/1212319 SUSE Bug 1212319 A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. CVE-2022-4662 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-4662.html CVE-2022-4662 https://bugzilla.suse.com/1206664 SUSE Bug 1206664 In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397 #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d #3 [ffffb1ba6707fb70] oops_end at ffffffff85623c0d #4 [ffffb1ba6707fb90] no_context at ffffffff856692c9 #5 [ffffb1ba6707fbf8] exc_page_fault at ffffffff85f95b51 #6 [ffffb1ba6707fc50] asm_exc_page_fault at ffffffff86000ace [exception RIP: svm_update_pi_irte+227] RIP: ffffffffc0761b53 RSP: ffffb1ba6707fd08 RFLAGS: 00010086 RAX: ffffb1ba6707fd78 RBX: ffffb1ba66d91000 RCX: 0000000000000001 RDX: 00003c803f63f1c0 RSI: 000000000000019a RDI: ffffb1ba66db2ab8 RBP: 000000000000019a R8: 0000000000000040 R9: ffff94ca41b82200 R10: ffffffffffffffcf R11: 0000000000000001 R12: 0000000000000001 R13: 0000000000000001 R14: ffffffffffffffcf R15: 000000000000005f ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #7 [ffffb1ba6707fdb8] kvm_irq_routing_update at ffffffffc09f19a1 [kvm] #8 [ffffb1ba6707fde0] kvm_set_irq_routing at ffffffffc09f2133 [kvm] #9 [ffffb1ba6707fe18] kvm_vm_ioctl at ffffffffc09ef544 [kvm] RIP: 00007f143c36488b RSP: 00007f143a4e04b8 RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 00007f05780041d0 RCX: 00007f143c36488b RDX: 00007f05780041d0 RSI: 000000004008ae6a RDI: 0000000000000020 RBP: 00000000000004e8 R8: 0000000000000008 R9: 00007f05780041e0 R10: 00007f0578004560 R11: 0000000000000246 R12: 00000000000004e0 R13: 000000000000001a R14: 00007f1424001c60 R15: 00007f0578003bc0 ORIG_RAX: 0000000000000010 CS: 0033 SS: 002b Vmx have been fix this in commit 3a8b0677fc61 (KVM: VMX: Do not BUG() on out-of-bounds guest IRQ), so we can just copy source from that to fix this. CVE-2022-49154 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49154.html CVE-2022-49154 https://bugzilla.suse.com/1238167 SUSE Bug 1238167 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid skb access on nf_stolen When verdict is NF_STOLEN, the skb might have been freed. When tracing is enabled, this can result in a use-after-free: 1. access to skb->nf_trace 2. access to skb->mark 3. computation of trace id 4. dump of packet payload To avoid 1, keep a cached copy of skb->nf_trace in the trace state struct. Refresh this copy whenever verdict is != STOLEN. Avoid 2 by skipping skb->mark access if verdict is STOLEN. 3 is avoided by precomputing the trace id. Only dump the packet when verdict is not "STOLEN". CVE-2022-49622 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49622.html CVE-2022-49622 https://bugzilla.suse.com/1239042 SUSE Bug 1239042 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, there's going to be a kernel oops as the 'pi' local variable won't get reassigned from the initial value of NULL. Initialize 'pi' instead to '&ata_dummy_port_info' to fix the possible kernel oops for good... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. CVE-2022-49731 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49731.html CVE-2022-49731 https://bugzilla.suse.com/1239071 SUSE Bug 1239071 In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent bpf program recursion for raw tracepoint probes We got report from sysbot [1] about warnings that were caused by bpf program attached to contention_begin raw tracepoint triggering the same tracepoint by using bpf_trace_printk helper that takes trace_printk_lock lock. Call Trace: <TASK> ? trace_event_raw_event_bpf_trace_printk+0x5f/0x90 bpf_trace_printk+0x2b/0xe0 bpf_prog_a9aec6167c091eef_prog+0x1f/0x24 bpf_trace_run2+0x26/0x90 native_queued_spin_lock_slowpath+0x1c6/0x2b0 _raw_spin_lock_irqsave+0x44/0x50 bpf_trace_printk+0x3f/0xe0 bpf_prog_a9aec6167c091eef_prog+0x1f/0x24 bpf_trace_run2+0x26/0x90 native_queued_spin_lock_slowpath+0x1c6/0x2b0 _raw_spin_lock_irqsave+0x44/0x50 bpf_trace_printk+0x3f/0xe0 bpf_prog_a9aec6167c091eef_prog+0x1f/0x24 bpf_trace_run2+0x26/0x90 native_queued_spin_lock_slowpath+0x1c6/0x2b0 _raw_spin_lock_irqsave+0x44/0x50 bpf_trace_printk+0x3f/0xe0 bpf_prog_a9aec6167c091eef_prog+0x1f/0x24 bpf_trace_run2+0x26/0x90 native_queued_spin_lock_slowpath+0x1c6/0x2b0 _raw_spin_lock_irqsave+0x44/0x50 __unfreeze_partials+0x5b/0x160 ... The can be reproduced by attaching bpf program as raw tracepoint on contention_begin tracepoint. The bpf prog calls bpf_trace_printk helper. Then by running perf bench the spin lock code is forced to take slow path and call contention_begin tracepoint. Fixing this by skipping execution of the bpf program if it's already running, Using bpf prog 'active' field, which is being currently used by trampoline programs for the same reason. Moving bpf_prog_inc_misses_counter to syscall.c because trampoline.c is compiled in just for CONFIG_BPF_JIT option. [1] https://lore.kernel.org/bpf/YxhFe3EwqchC%2FfYf@krava/T/#t CVE-2022-49764 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49764.html CVE-2022-49764 https://bugzilla.suse.com/1242301 SUSE Bug 1242301 In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it don't need goto error label in this case. CVE-2022-49780 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49780.html CVE-2022-49780 https://bugzilla.suse.com/1242262 SUSE Bug 1242262 In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg() still only grabs the skb queue lock, so race conditions still exist. We can teach kcm_recvmsg() to grab mux->rx_lock too but this would introduce a potential performance regression as struct kcm_mux can be shared by multiple KCM sockets. So we have to enforce skb queue lock in requeue_rx_msgs() and handle skb peek case carefully in kcm_wait_data(). Fortunately, skb_recv_datagram() already handles it nicely and is widely used by other sockets, we can just switch to skb_recv_datagram() after getting rid of the unnecessary sock lock in kcm_recvmsg() and kcm_splice_read(). Side note: SOCK_DONE is not used by KCM sockets, so it is safe to get rid of this check too. I ran the original syzbot reproducer for 30 min without seeing any issue. CVE-2022-49814 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49814.html CVE-2022-49814 https://bugzilla.suse.com/1242498 SUSE Bug 1242498 In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk(), called from make_indexed_dir(). ------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Call Trace: <TASK> ? add_dirent_to_buf+0x1b2/0x200 ext4_add_entry+0x36e/0x480 ext4_add_nondir+0x2b/0xc0 ext4_create+0x163/0x200 path_openat+0x635/0xe90 do_filp_open+0xb4/0x160 ? __create_object.isra.0+0x1de/0x3b0 ? _raw_spin_unlock+0x12/0x30 do_sys_openat2+0x91/0x150 __x64_sys_open+0x6c/0xa0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The fix simply adds a call to ext4_check_dir_entry() to validate the directory entry, returning -EFSCORRUPTED if the entry is invalid. CVE-2022-49879 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49879.html CVE-2022-49879 https://bugzilla.suse.com/1242733 SUSE Bug 1242733 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory. CVE-2022-49881 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49881.html CVE-2022-49881 https://bugzilla.suse.com/1242481 SUSE Bug 1242481 In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_app_net_cleanup() During the initialization of ip_vs_app_net_init(), if file ip_vs_app fails to be created, the initialization is successful by default. Therefore, the ip_vs_app file doesn't be found during the remove in ip_vs_app_net_cleanup(). It will cause WRNING. The following is the stack information: name 'ip_vs_app' WARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked in: Workqueue: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 Call Trace: <TASK> ops_exit_list+0x125/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 </TASK> CVE-2022-49917 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49917.html CVE-2022-49917 https://bugzilla.suse.com/1242406 SUSE Bug 1242406 In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue() We can't use "skb" again after passing it to qdisc_enqueue(). This is basically identical to commit 2f09707d0c97 ("sch_sfb: Also store skb len before calling child enqueue"). CVE-2022-49921 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49921.html CVE-2022-49921 https://bugzilla.suse.com/1242359 SUSE Bug 1242359 In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 #3 Not tainted -------------------------------------------- kworker/1:3/1205 is trying to acquire lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 but task is already holding lock: ffff888018638db8 (&us_interface_key[i]){+.+.}-{3:3}, at: usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 ... stack backtrace: CPU: 1 PID: 1205 Comm: kworker/1:3 Not tainted 5.18.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_deadlock_bug kernel/locking/lockdep.c:2988 [inline] check_deadlock kernel/locking/lockdep.c:3031 [inline] validate_chain kernel/locking/lockdep.c:3816 [inline] __lock_acquire.cold+0x152/0x3ca kernel/locking/lockdep.c:5053 lock_acquire kernel/locking/lockdep.c:5665 [inline] lock_acquire+0x1ab/0x520 kernel/locking/lockdep.c:5630 __mutex_lock_common kernel/locking/mutex.c:603 [inline] __mutex_lock+0x14f/0x1610 kernel/locking/mutex.c:747 usb_stor_pre_reset+0x35/0x40 drivers/usb/storage/usb.c:230 usb_reset_device+0x37d/0x9a0 drivers/usb/core/hub.c:6109 r871xu_dev_remove+0x21a/0x270 drivers/staging/rtl8712/usb_intf.c:622 usb_unbind_interface+0x1bd/0x890 drivers/usb/core/driver.c:458 device_remove drivers/base/dd.c:545 [inline] device_remove+0x11f/0x170 drivers/base/dd.c:537 __device_release_driver drivers/base/dd.c:1222 [inline] device_release_driver_internal+0x1a7/0x2f0 drivers/base/dd.c:1248 usb_driver_release_interface+0x102/0x180 drivers/usb/core/driver.c:627 usb_forced_unbind_intf+0x4d/0xa0 drivers/usb/core/driver.c:1118 usb_reset_device+0x39b/0x9a0 drivers/usb/core/hub.c:6114 This turned out not to be an error in usb-storage but rather a nested device reset attempt. That is, as the rtl8712 driver was being unbound from a composite device in preparation for an unrelated USB reset (that driver does not have pre_reset or post_reset callbacks), its ->remove routine called usb_reset_device() -- thus nesting one reset call within another. Performing a reset as part of disconnect processing is a questionable practice at best. However, the bug report points out that the USB core does not have any protection against nested resets. Adding a reset_in_progress flag and testing it will prevent such errors in the future. CVE-2022-49936 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49936.html CVE-2022-49936 https://bugzilla.suse.com/1244984 SUSE Bug 1244984 In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pipe 80000380 doesn't match bRequestType 40 WARNING: CPU: 0 PID: 2465 at drivers/usb/core/urb.c:410 usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 2465 Comm: kworker/0:2 Not tainted 5.19.0-rc4-00208-g69cb6c6556ad #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0x1326/0x1820 drivers/usb/core/urb.c:410 Code: 7c 24 40 e8 ac 23 91 fd 48 8b 7c 24 40 e8 b2 70 1b ff 45 89 e8 44 89 f1 4c 89 e2 48 89 c6 48 c7 c7 a0 30 a9 86 e8 48 07 11 02 <0f> 0b e9 1c f0 ff ff e8 7e 23 91 fd 0f b6 1d 63 22 83 05 31 ff 41 RSP: 0018:ffffc900032becf0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff8881100f3058 RCX: 0000000000000000 RDX: ffffc90004961000 RSI: ffff888114c6d580 RDI: fffff52000657d90 RBP: ffff888105ad90f0 R08: ffffffff812c3638 R09: 0000000000000000 R10: 0000000000000005 R11: ffffed1023504ef1 R12: ffff888105ad9000 R13: 0000000000000040 R14: 0000000080000380 R15: ffff88810ba96500 FS: 0000000000000000(0000) GS:ffff88811a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffe810bda58 CR3: 000000010b720000 CR4: 0000000000350ef0 Call Trace: <TASK> usb_start_wait_urb+0x101/0x4c0 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153 mceusb_gen1_init drivers/media/rc/mceusb.c:1431 [inline] mceusb_dev_probe+0x258e/0x33f0 drivers/media/rc/mceusb.c:1807 The reason for the warning is clear enough; the driver sends an unusual read request on endpoint 0 but does not set the USB_DIR_IN bit in the bRequestType field. More importantly, the whole situation can be avoided and the driver simplified by converting it over to the relatively new usb_control_msg_recv() and usb_control_msg_send() routines. That's what this fix does. CVE-2022-49937 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49937.html CVE-2022-49937 https://bugzilla.suse.com/1245057 SUSE Bug 1245057 In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when they should be rather setting rc = -EIO and jumping to neg_exit to free the response buffer from mempool. CVE-2022-49938 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49938.html CVE-2022-49938 https://bugzilla.suse.com/1244820 SUSE Bug 1244820 In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() after clear_bit(). Fix this problem by introducing a helper that calls clear_bit() followed by wake_up_all(). CVE-2022-49954 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49954.html CVE-2022-49954 https://bugzilla.suse.com/1244976 SUSE Bug 1244976 In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delete them. CVE-2022-49956 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49956.html CVE-2022-49956 https://bugzilla.suse.com/1244969 SUSE Bug 1244969 In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work. And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check. This also makes a lockdep warning reported by syzbot go away. CVE-2022-49957 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49957.html CVE-2022-49957 https://bugzilla.suse.com/1244966 SUSE Bug 1244966 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, unregister_ftrace_function simply returns without doing anything: unregister_ftrace_function ftrace_shutdown if (unlikely(ftrace_disabled)) return -ENODEV; // return here, __unregister_ftrace_function is not executed, // as a result, ops is still in the ftrace_ops_list __unregister_ftrace_function ... If ops is dynamically allocated, it will be free later, in this case, is_ftrace_trampoline accesses NULL pointer: is_ftrace_trampoline ftrace_ops_trampoline do_for_each_ftrace_op(op, ftrace_ops_list) // OOPS! op may be NULL! Syzkaller reports as follows: [ 1203.506103] BUG: kernel NULL pointer dereference, address: 000000000000010b [ 1203.508039] #PF: supervisor read access in kernel mode [ 1203.508798] #PF: error_code(0x0000) - not-present page [ 1203.509558] PGD 800000011660b067 P4D 800000011660b067 PUD 130fb8067 PMD 0 [ 1203.510560] Oops: 0000 [#1] SMP KASAN PTI [ 1203.511189] CPU: 6 PID: 29532 Comm: syz-executor.2 Tainted: G B W 5.10.0 #8 [ 1203.512324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 [ 1203.513895] RIP: 0010:is_ftrace_trampoline+0x26/0xb0 [ 1203.514644] Code: ff eb d3 90 41 55 41 54 49 89 fc 55 53 e8 f2 00 fd ff 48 8b 1d 3b 35 5d 03 e8 e6 00 fd ff 48 8d bb 90 00 00 00 e8 2a 81 26 00 <48> 8b ab 90 00 00 00 48 85 ed 74 1d e8 c9 00 fd ff 48 8d bb 98 00 [ 1203.518838] RSP: 0018:ffffc900012cf960 EFLAGS: 00010246 [ 1203.520092] RAX: 0000000000000000 RBX: 000000000000007b RCX: ffffffff8a331866 [ 1203.521469] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 000000000000010b [ 1203.522583] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8df18b07 [ 1203.523550] R10: fffffbfff1be3160 R11: 0000000000000001 R12: 0000000000478399 [ 1203.524596] R13: 0000000000000000 R14: ffff888145088000 R15: 0000000000000008 [ 1203.525634] FS: 00007f429f5f4700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 1203.526801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1203.527626] CR2: 000000000000010b CR3: 0000000170e1e001 CR4: 00000000003706e0 [ 1203.528611] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1203.529605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Therefore, when ftrace_startup_enable fails, we need to rollback registration process and remove ops from ftrace_ops_list. CVE-2022-49977 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49977.html CVE-2022-49977 https://bugzilla.suse.com/1244936 SUSE Bug 1244936 In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, it is necessary to check whether denominator is zero to avoid crash. As this bug is found by Syzkaller, logs are listed below. divide error in pm2fb_check_var Call Trace: <TASK> fb_set_var+0x367/0xeb0 drivers/video/fbdev/core/fbmem.c:1015 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 CVE-2022-49978 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49978.html CVE-2022-49978 https://bugzilla.suse.com/1245195 SUSE Bug 1245195 In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a non-WQ_MEM_RECLAIM workqueue. In the current state it causes the following warning: [ 14.506347] ------------[ cut here ]------------ [ 14.506354] workqueue: WQ_MEM_RECLAIM storvsc_error_wq_0:storvsc_remove_lun is flushing !WQ_MEM_RECLAIM events_freezable_power_:disk_events_workfn [ 14.506360] WARNING: CPU: 0 PID: 8 at <-snip->kernel/workqueue.c:2623 check_flush_dependency+0xb5/0x130 [ 14.506390] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.4.0-1086-azure #91~18.04.1-Ubuntu [ 14.506391] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 14.506393] Workqueue: storvsc_error_wq_0 storvsc_remove_lun [ 14.506395] RIP: 0010:check_flush_dependency+0xb5/0x130 <-snip-> [ 14.506408] Call Trace: [ 14.506412] __flush_work+0xf1/0x1c0 [ 14.506414] __cancel_work_timer+0x12f/0x1b0 [ 14.506417] ? kernfs_put+0xf0/0x190 [ 14.506418] cancel_delayed_work_sync+0x13/0x20 [ 14.506420] disk_block_events+0x78/0x80 [ 14.506421] del_gendisk+0x3d/0x2f0 [ 14.506423] sr_remove+0x28/0x70 [ 14.506427] device_release_driver_internal+0xef/0x1c0 [ 14.506428] device_release_driver+0x12/0x20 [ 14.506429] bus_remove_device+0xe1/0x150 [ 14.506431] device_del+0x167/0x380 [ 14.506432] __scsi_remove_device+0x11d/0x150 [ 14.506433] scsi_remove_device+0x26/0x40 [ 14.506434] storvsc_remove_lun+0x40/0x60 [ 14.506436] process_one_work+0x209/0x400 [ 14.506437] worker_thread+0x34/0x400 [ 14.506439] kthread+0x121/0x140 [ 14.506440] ? process_one_work+0x400/0x400 [ 14.506441] ? kthread_park+0x90/0x90 [ 14.506443] ret_from_fork+0x35/0x40 [ 14.506445] ---[ end trace 2d9633159fdc6ee7 ]--- CVE-2022-49986 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49986.html CVE-2022-49986 https://bugzilla.suse.com/1244948 SUSE Bug 1244948 In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the path raid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue. [1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a CVE-2022-49987 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49987.html CVE-2022-49987 https://bugzilla.suse.com/1245024 SUSE Bug 1245024 In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blocks are stored in the thread_struct of the associated task. These pointers are initially copied on fork() via arch_dup_task_struct() and then cleared via copy_thread() before fork() returns. If fork() happens to fail after the initial task dup and before copy_thread(), the newly allocated task and associated thread_struct memory are freed via free_task() -> arch_release_task_struct(). This results in a double free of the guarded storage and runtime info structs because the fields in the failed task still refer to memory associated with the source task. This problem can manifest as a BUG_ON() in set_freepointer() (with CONFIG_SLAB_FREELIST_HARDENED enabled) or KASAN splat (if enabled) when running trinity syscall fuzz tests on s390x. To avoid this problem, clear the associated pointer fields in arch_dup_task_struct() immediately after the new task is copied. Note that the RI flag is still cleared in copy_thread() because it resides in thread stack memory and that is where stack info is copied. CVE-2022-49990 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-49990.html CVE-2022-49990 https://bugzilla.suse.com/1245006 SUSE Bug 1245006 In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarm_kprobe() for disabled kprobes The assumption in __disable_kprobe() is wrong, and it could try to disarm an already disarmed kprobe and fire the WARN_ONCE() below. [0] We can easily reproduce this issue. 1. Write 0 to /sys/kernel/debug/kprobes/enabled. # echo 0 > /sys/kernel/debug/kprobes/enabled 2. Run execsnoop. At this time, one kprobe is disabled. # /usr/share/bcc/tools/execsnoop & [1] 2460 PCOMM PID PPID RET ARGS # cat /sys/kernel/debug/kprobes/list ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE] ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE] 3. Write 1 to /sys/kernel/debug/kprobes/enabled, which changes kprobes_all_disarmed to false but does not arm the disabled kprobe. # echo 1 > /sys/kernel/debug/kprobes/enabled # cat /sys/kernel/debug/kprobes/list ffffffff91345650 r __x64_sys_execve+0x0 [FTRACE] ffffffff91345650 k __x64_sys_execve+0x0 [DISABLED][FTRACE] 4. Kill execsnoop, when __disable_kprobe() calls disarm_kprobe() for the disabled kprobe and hits the WARN_ONCE() in __disarm_kprobe_ftrace(). # fg /usr/share/bcc/tools/execsnoop ^C Actually, WARN_ONCE() is fired twice, and __unregister_kprobe_top() misses some cleanups and leaves the aggregated kprobe in the hash table. Then, __unregister_trace_kprobe() initialises tk->rp.kp.list and creates an infinite loop like this. aggregated kprobe.list -> kprobe.list -. ^ | '.__.' In this situation, these commands fall into the infinite loop and result in RCU stall or soft lockup. cat /sys/kernel/debug/kprobes/list : show_kprobe_addr() enters into the infinite loop with RCU. /usr/share/bcc/tools/execsnoop : warn_kprobe_rereg() holds kprobe_mutex, and __get_valid_kprobe() is stuck in the loop. To avoid the issue, make sure we don't call disarm_kprobe() for disabled kprobes. [0] Failed to disarm kprobe-ftrace at __x64_sys_execve+0x0/0x40 (error -2) WARNING: CPU: 6 PID: 2460 at kernel/kprobes.c:1130 __disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129) Modules linked in: ena CPU: 6 PID: 2460 Comm: execsnoop Not tainted 5.19.0+ #28 Hardware name: Amazon EC2 c5.2xlarge/, BIOS 1.0 10/16/2017 RIP: 0010:__disarm_kprobe_ftrace.isra.19 (kernel/kprobes.c:1129) Code: 24 8b 02 eb c1 80 3d c4 83 f2 01 00 75 d4 48 8b 75 00 89 c2 48 c7 c7 90 fa 0f 92 89 04 24 c6 05 ab 83 01 e8 e4 94 f0 ff <0f> 0b 8b 04 24 eb b1 89 c6 48 c7 c7 60 fa 0f 92 89 04 24 e8 cc 94 RSP: 0018:ffff9e6ec154bd98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffffff930f7b00 RCX: 0000000000000001 RDX: 0000000080000001 RSI: ffffffff921461c5 RDI: 00000000ffffffff RBP: ffff89c504286da8 R08: 0000000000000000 R09: c0000000fffeffff R10: 0000000000000000 R11: ffff9e6ec154bc28 R12: ffff89c502394e40 R13: ffff89c502394c00 R14: ffff9e6ec154bc00 R15: 0000000000000000 FS: 00007fe800398740(0000) GS:ffff89c812d80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00057f010 CR3: 0000000103b54006 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> __disable_kprobe (kernel/kprobes.c:1716) disable_kprobe (kernel/kprobes.c:2392) __disable_trace_kprobe (kernel/trace/trace_kprobe.c:340) disable_trace_kprobe (kernel/trace/trace_kprobe.c:429) perf_trace_event_unreg.isra.2 (./include/linux/tracepoint.h:93 kernel/trace/trace_event_perf.c:168) perf_kprobe_destroy (kernel/trace/trace_event_perf.c:295) _free_event (kernel/events/core.c:4971) perf_event_release_kernel (kernel/events/core.c:5176) perf_release (kernel/events/core.c:5186) __fput (fs/file_table.c:321) task_work_run (./include/linux/ ---truncated--- CVE-2022-50008 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50008.html CVE-2022-50008 https://bugzilla.suse.com/1245009 SUSE Bug 1245009 In the Linux kernel, the following vulnerability has been resolved: powerpc/64: Init jump labels before parse_early_param() On 64-bit, calling jump_label_init() in setup_feature_keys() is too late because static keys may be used in subroutines of parse_early_param() which is again subroutine of early_init_devtree(). For example booting with "threadirqs": static_key_enable_cpuslocked(): static key '0xc000000002953260' used before call to jump_label_init() WARNING: CPU: 0 PID: 0 at kernel/jump_label.c:166 static_key_enable_cpuslocked+0xfc/0x120 ... NIP static_key_enable_cpuslocked+0xfc/0x120 LR static_key_enable_cpuslocked+0xf8/0x120 Call Trace: static_key_enable_cpuslocked+0xf8/0x120 (unreliable) static_key_enable+0x30/0x50 setup_forced_irqthreads+0x28/0x40 do_early_param+0xa0/0x108 parse_args+0x290/0x4e0 parse_early_options+0x48/0x5c parse_early_param+0x58/0x84 early_init_devtree+0xd4/0x518 early_setup+0xb4/0x214 So call jump_label_init() just before parse_early_param() in early_init_devtree(). [mpe: Add call trace to change log and minor wording edits.] CVE-2022-50012 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50012.html CVE-2022-50012 https://bugzilla.suse.com/1245125 SUSE Bug 1245125 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration attempting to grow the fs by a negative amount, which trips a BUG_ON and leaves the fs with a corrupted in-memory superblock. CVE-2022-50020 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50020.html CVE-2022-50020 https://bugzilla.suse.com/1245129 SUSE Bug 1245129 https://bugzilla.suse.com/1245130 SUSE Bug 1245130 In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, "raid5_release_stripe(sh);" drops the reference to sh and may cause sh to be released. However, sh is subsequently used in lines 2886 "if (sh->batch_head && sh != sh->batch_head)". This may result in an use-after-free bug. It can be fixed by moving "raid5_release_stripe(sh);" to the bottom of the function. CVE-2022-50022 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50022.html CVE-2022-50022 https://bugzilla.suse.com/1245131 SUSE Bug 1245131 In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number() locking The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP warning on some systems: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by swapper/1: #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220 Preemption disabled at: [<00000000>] 0x0 CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1 Call Trace: [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable) [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8 [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4 [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220 [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784 [d101de50] [c140852c] discover_phbs+0x30/0x4c [d101de60] [c0007fd4] do_one_initcall+0x94/0x344 [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c [d101df10] [c00086e0] kernel_init+0x34/0x160 [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64 This is because pcibios_alloc_controller() holds hose_spinlock but of_alias_get_id() takes of_mutex which can sleep. The hose_spinlock protects the phb_bitmap, and also the hose_list, but it doesn't need to be held while get_phb_number() calls the OF routines, because those are only looking up information in the device tree. So fix it by having get_phb_number() take the hose_spinlock itself, only where required, and then dropping the lock before returning. pcibios_alloc_controller() then needs to take the lock again before the list_add() but that's safe, the order of the list is not important. CVE-2022-50045 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50045.html CVE-2022-50045 https://bugzilla.suse.com/1244967 SUSE Bug 1244967 In the Linux kernel, the following vulnerability has been resolved: iavf: Fix adminq error handling iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent memory for VF mailbox. Free DMA regions for both ASQ and ARQ in case error happens during configuration of ASQ/ARQ registers. Without this change it is possible to see when unloading interface: 74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] One of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent] CVE-2022-50055 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50055.html CVE-2022-50055 https://bugzilla.suse.com/1245039 SUSE Bug 1245039 In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix memory leak inside XPD_TX with mergeable When we call xdp_convert_buff_to_frame() to get xdpf, if it returns NULL, we should check if xdp_page was allocated by xdp_linearize_page(). If it is newly allocated, it should be freed here alone. Just like any other "goto err_xdp". CVE-2022-50065 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50065.html CVE-2022-50065 https://bugzilla.suse.com/1244986 SUSE Bug 1244986 In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Then btrfs_relocate_block_group() calls relocate_block_group() prepare_to_relocate() set_reloc_control() that assigns rc to the variable fs_info->reloc_ctl. When prepare_to_relocate() returns, it calls btrfs_commit_transaction() btrfs_start_dirty_block_groups() btrfs_alloc_path() kmem_cache_zalloc() which may fail for example (or other errors could happen). When the failure occurs, btrfs_relocate_block_group() detects the error and frees rc and doesn't set fs_info->reloc_ctl to NULL. After that, in btrfs_init_reloc_root(), rc is retrieved from fs_info->reloc_ctl and then used, which may cause a use-after-free bug. This possible bug can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). To fix this possible bug, in prepare_to_relocate(), check if btrfs_commit_transaction() fails. If the failure occurs, unset_reloc_control() is called to set fs_info->reloc_ctl to NULL. The error log in our fault-injection testing is shown as follows: [ 58.751070] BUG: KASAN: use-after-free in btrfs_init_reloc_root+0x7ca/0x920 [btrfs] ... [ 58.753577] Call Trace: ... [ 58.755800] kasan_report+0x45/0x60 [ 58.756066] btrfs_init_reloc_root+0x7ca/0x920 [btrfs] [ 58.757304] record_root_in_trans+0x792/0xa10 [btrfs] [ 58.757748] btrfs_record_root_in_trans+0x463/0x4f0 [btrfs] [ 58.758231] start_transaction+0x896/0x2950 [btrfs] [ 58.758661] btrfs_defrag_root+0x250/0xc00 [btrfs] [ 58.759083] btrfs_ioctl_defrag+0x467/0xa00 [btrfs] [ 58.759513] btrfs_ioctl+0x3c95/0x114e0 [btrfs] ... [ 58.768510] Allocated by task 23683: [ 58.768777] ____kasan_kmalloc+0xb5/0xf0 [ 58.769069] __kmalloc+0x227/0x3d0 [ 58.769325] alloc_reloc_control+0x10a/0x3d0 [btrfs] [ 58.769755] btrfs_relocate_block_group+0x7aa/0x1e20 [btrfs] [ 58.770228] btrfs_relocate_chunk+0xf1/0x760 [btrfs] [ 58.770655] __btrfs_balance+0x1326/0x1f10 [btrfs] [ 58.771071] btrfs_balance+0x3150/0x3d30 [btrfs] [ 58.771472] btrfs_ioctl_balance+0xd84/0x1410 [btrfs] [ 58.771902] btrfs_ioctl+0x4caa/0x114e0 [btrfs] ... [ 58.773337] Freed by task 23683: ... [ 58.774815] kfree+0xda/0x2b0 [ 58.775038] free_reloc_control+0x1d6/0x220 [btrfs] [ 58.775465] btrfs_relocate_block_group+0x115c/0x1e20 [btrfs] [ 58.775944] btrfs_relocate_chunk+0xf1/0x760 [btrfs] [ 58.776369] __btrfs_balance+0x1326/0x1f10 [btrfs] [ 58.776784] btrfs_balance+0x3150/0x3d30 [btrfs] [ 58.777185] btrfs_ioctl_balance+0xd84/0x1410 [btrfs] [ 58.777621] btrfs_ioctl+0x4caa/0x114e0 [btrfs] ... CVE-2022-50067 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50067.html CVE-2022-50067 https://bugzilla.suse.com/1245047 SUSE Bug 1245047 In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tap_get_user calls virtio_net_hdr_to_skb the skb->dev is null (in tap.c skb->dev is set after the call to virtio_net_hdr_to_skb) virtio_net_hdr_to_skb calls dev_parse_header_protocol which needs skb->dev field to be valid. The line that trigers the bug is in dev_parse_header_protocol (dev is at offset 0x10 from skb and is stored in RAX register) if (!dev->header_ops || !dev->header_ops->parse_protocol) 22e1: mov 0x10(%rbx),%rax 22e5: mov 0x230(%rax),%rax Setting skb->dev before the call in tap.c fixes the issue. BUG: kernel NULL pointer dereference, address: 0000000000000230 RIP: 0010:virtio_net_hdr_to_skb.constprop.0+0x335/0x410 [tap] Code: c0 0f 85 b7 fd ff ff eb d4 41 39 c6 77 cf 29 c6 48 89 df 44 01 f6 e8 7a 79 83 c1 48 85 c0 0f 85 d9 fd ff ff eb b7 48 8b 43 10 <48> 8b 80 30 02 00 00 48 85 c0 74 55 48 8b 40 28 48 85 c0 74 4c 48 RSP: 0018:ffffc90005c27c38 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888298f25300 RCX: 0000000000000010 RDX: 0000000000000005 RSI: ffffc90005c27cb6 RDI: ffff888298f25300 RBP: ffffc90005c27c80 R08: 00000000ffffffea R09: 00000000000007e8 R10: ffff88858ec77458 R11: 0000000000000000 R12: 0000000000000001 R13: 0000000000000014 R14: ffffc90005c27e08 R15: ffffc90005c27cb6 FS: 0000000000000000(0000) GS:ffff88858ec40000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000230 CR3: 0000000281408006 CR4: 00000000003706e0 Call Trace: tap_get_user+0x3f1/0x540 [tap] tap_sendmsg+0x56/0x362 [tap] ? get_tx_bufs+0xc2/0x1e0 [vhost_net] handle_tx_copy+0x114/0x670 [vhost_net] handle_tx+0xb0/0xe0 [vhost_net] handle_tx_kick+0x15/0x20 [vhost_net] vhost_worker+0x7b/0xc0 [vhost] ? vhost_vring_call_reset+0x40/0x40 [vhost] kthread+0xfa/0x120 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 CVE-2022-50073 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50073.html CVE-2022-50073 https://bugzilla.suse.com/1244978 SUSE Bug 1244978 In the Linux kernel, the following vulnerability has been resolved: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE + extra_isize + pad. Otherwise, the end position may be greater than the start position, resulting in UAF. CVE-2022-50083 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50083.html CVE-2022-50083 https://bugzilla.suse.com/1244968 SUSE Bug 1244968 In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid ================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x6a/0x9c print_address_description.constprop.0+0x1f/0x1e0 print_report.cold+0x55/0x244 kasan_report+0xc9/0x100 raid_status+0x1747/0x2820 [dm_raid] dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod] table_load+0x35c/0x630 [dm_mod] ctl_ioctl+0x411/0x630 [dm_mod] dm_ctl_ioctl+0xa/0x10 [dm_mod] __x64_sys_ioctl+0x12a/0x1a0 do_syscall_64+0x5b/0x80 The warning is caused by reading conf->max_nr_stripes in raid_status. The code in raid_status reads mddev->private, casts it to struct r5conf and reads the entry max_nr_stripes. However, if we have different raid type than 4/5/6, mddev->private doesn't point to struct r5conf; it may point to struct r0conf, struct r1conf, struct r10conf or struct mpconf. If we cast a pointer to one of these structs to struct r5conf, we will be reading invalid memory and KASAN warns about it. Fix this bug by reading struct r5conf only if raid type is 4, 5 or 6. CVE-2022-50084 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50084.html CVE-2022-50084 https://bugzilla.suse.com/1245117 SUSE Bug 1245117 In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs->raid_disks, so the loop touches one entry beyond the allocated length. CVE-2022-50085 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50085.html CVE-2022-50085 https://bugzilla.suse.com/1245147 SUSE Bug 1245147 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails. CVE-2022-50087 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50087.html CVE-2022-50087 https://bugzilla.suse.com/1245119 SUSE Bug 1245119 https://bugzilla.suse.com/1245294 SUSE Bug 1245294 In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch_enable() to enable csd_lock_wait feature, which triggers a panic on arm64 for kernels built with CONFIG_SPARSEMEM=y and CONFIG_SPARSEMEM_VMEMMAP=n. With CONFIG_SPARSEMEM_VMEMMAP=n, __nr_to_section is called in static_key_enable() and returns NULL, resulting in a NULL dereference because mem_section is initialized only later in sparse_init(). This is also a problem for powerpc because early_param() functions are invoked earlier than jump_label_init(), also resulting in static_key_enable() failures. These failures cause the warning "static key 'xxx' used before call to jump_label_init()". Thus, early_param is too early for csd_lock_wait to run static_branch_enable(), so changes it to __setup to fix these. CVE-2022-50091 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50091.html CVE-2022-50091 https://bugzilla.suse.com/1244885 SUSE Bug 1244885 In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size 8 at addr ffff8881b9d50068 by task dmsetup/950 CPU: 7 PID: 950 Comm: dmsetup Tainted: G W 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_address_description.constprop.0.cold+0xeb/0x3f4 kasan_report.cold+0xe6/0x147 dm_pool_register_metadata_threshold+0x40/0x80 pool_ctr+0xa0a/0x1150 dm_table_add_target+0x2c8/0x640 table_load+0x1fd/0x430 ctl_ioctl+0x2c4/0x5a0 dm_ctl_ioctl+0xa/0x10 __x64_sys_ioctl+0xb3/0xd0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 This can be easily reproduced using: echo offline > /sys/block/sda/device/state dd if=/dev/zero of=/dev/mapper/thin bs=4k count=10 dmsetup load pool --table "0 20971520 thin-pool /dev/sda /dev/sdb 128 0 0" If a metadata commit fails, the transaction will be aborted and the metadata space maps will be destroyed. If a DM table reload then happens for this failed thin-pool, a use-after-free will occur in dm_sm_register_threshold_callback (called from dm_pool_register_metadata_threshold). Fix this by in dm_pool_register_metadata_threshold() by returning the -EINVAL error if the thin-pool is in fail mode. Also fail pool_ctr() with a new error message: "Error registering metadata threshold". CVE-2022-50092 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50092.html CVE-2022-50092 https://bugzilla.suse.com/1244848 SUSE Bug 1244848 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) [ 4.676149][ T0] Read of size 8 at addr 1fffffff85115558 by task swapper/0/0 [ 4.683454][ T0] [ 4.685638][ T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc3-00004-g0e862838f290 #1 [ 4.694331][ T0] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016 [ 4.703196][ T0] Call Trace: [ 4.706334][ T0] <TASK> [ 4.709133][ T0] ? dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/asm/bitops.h:226 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/nodemask.h:415 drivers/iommu/intel/dmar.c:497) after converting the type of the first argument (@nr, bit number) of arch_test_bit() from `long` to `unsigned long`[0]. Under certain conditions (for example, when ACPI NUMA is disabled via command line), pxm_to_node() can return %NUMA_NO_NODE (-1). It is valid 'magic' number of NUMA node, but not valid bit number to use in bitops. node_online() eventually descends to test_bit() without checking for the input, assuming it's on caller side (which might be good for perf-critical tasks). There, -1 becomes %ULONG_MAX which leads to an insane array index when calculating bit position in memory. For now, add an explicit check for @node being not %NUMA_NO_NODE before calling test_bit(). The actual logics didn't change here at all. [0] https://github.com/norov/linux/commit/0e862838f290147ea9c16db852d8d494b552d38d CVE-2022-50093 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50093.html CVE-2022-50093 https://bugzilla.suse.com/1244849 SUSE Bug 1244849 In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read beyond the end of the specified buffer. Fix this out-of-bound memory access by using a length of "len" instead. Here is a KASAN log showing the issue: BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234 Read of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314 ... Call trace: dump_backtrace+0x0/0x3e8 show_stack+0x2c/0x3c dump_stack_lvl+0xdc/0x11c print_address_description+0x74/0x384 kasan_report+0x188/0x268 kasan_check_range+0x270/0x2b0 memcpy+0x90/0xe8 trace_event_raw_event_spmi_read_end+0x1d0/0x234 spmi_read_cmd+0x294/0x3ac spmi_ext_register_readl+0x84/0x9c regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi] _regmap_raw_read+0x40c/0x754 regmap_raw_read+0x3a0/0x514 regmap_bulk_read+0x418/0x494 adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3] ... __arm64_sys_read+0x4c/0x60 invoke_syscall+0x80/0x218 el0_svc_common+0xec/0x1c8 ... addr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame: adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3] this frame has 1 object: [32, 33) 'status' Memory state around the buggy address: ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00 ^ ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00 ================================================================== CVE-2022-50094 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50094.html CVE-2022-50094 https://bugzilla.suse.com/1244851 SUSE Bug 1244851 In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 54.083733] BUG: unable to handle page fault for address: ffffc90003000000 [ 54.083742] #PF: supervisor write access in kernel mode [ 54.083744] #PF: error_code(0x0002) - not-present page [ 54.083760] RIP: 0010:memset_orig+0x33/0xb0 [ 54.083782] Call Trace: [ 54.083788] s3fb_set_par+0x1ec6/0x4040 [ 54.083806] fb_set_var+0x604/0xeb0 [ 54.083836] do_fb_ioctl+0x234/0x670 Fix the this by checking the value of 'screen_size' before memset_io(). CVE-2022-50097 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50097.html CVE-2022-50097 https://bugzilla.suse.com/1244845 SUSE Bug 1244845 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen: BUG: unable to handle kernel paging request at 0000002f56aa90f8 IP: qla_chk_edif_rx_sa_delete_pending+0x14/0x30 [qla2xxx] Call Trace: ? qla2x00_status_entry+0x19f/0x1c50 [qla2xxx] ? qla2x00_start_sp+0x116/0x1170 [qla2xxx] ? dma_pool_alloc+0x1d6/0x210 ? mempool_alloc+0x54/0x130 ? qla24xx_process_response_queue+0x548/0x12b0 [qla2xxx] ? qla_do_work+0x2d/0x40 [qla2xxx] ? process_one_work+0x14c/0x390 CVE-2022-50098 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50098.html CVE-2022-50098 https://bugzilla.suse.com/1244841 SUSE Bug 1244841 In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 659.399066] BUG: unable to handle page fault for address: ffffc90003000000 [ 659.399077] #PF: supervisor write access in kernel mode [ 659.399079] #PF: error_code(0x0002) - not-present page [ 659.399094] RIP: 0010:memset_orig+0x33/0xb0 [ 659.399116] Call Trace: [ 659.399122] arkfb_set_par+0x143f/0x24c0 [ 659.399130] fb_set_var+0x604/0xeb0 [ 659.399161] do_fb_ioctl+0x234/0x670 [ 659.399189] fb_ioctl+0xdd/0x130 Fix the this by checking the value of 'screen_size' before memset_io(). CVE-2022-50099 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50099.html CVE-2022-50099 https://bugzilla.suse.com/1244842 SUSE Bug 1244842 In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of 'screen_size' may larger than 'info->screen_size', which may cause the following bug: [ 583.339036] BUG: unable to handle page fault for address: ffffc90005000000 [ 583.339049] #PF: supervisor write access in kernel mode [ 583.339052] #PF: error_code(0x0002) - not-present page [ 583.339074] RIP: 0010:memset_orig+0x33/0xb0 [ 583.339110] Call Trace: [ 583.339118] vt8623fb_set_par+0x11cd/0x21e0 [ 583.339146] fb_set_var+0x604/0xeb0 [ 583.339181] do_fb_ioctl+0x234/0x670 [ 583.339209] fb_ioctl+0xdd/0x130 Fix the this by checking the value of 'screen_size' before memset_io(). CVE-2022-50101 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50101.html CVE-2022-50101 https://bugzilla.suse.com/1244839 SUSE Bug 1244839 In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug in: drivers/video/fbdev/arkfb.c:784: ark_set_pixclock(info, (hdiv * info->var.pixclock) / hmul); with hdiv=1, pixclock=1 and hmul=2 you end up with (1*1)/2 = (int) 0. and then in: drivers/video/fbdev/arkfb.c:504: rv = dac_set_freq(par->dac, 0, 1000000000 / pixclock); we'll get a division-by-zero. The following log can reveal it: divide error: 0000 [#1] PREEMPT SMP KASAN PTI RIP: 0010:ark_set_pixclock drivers/video/fbdev/arkfb.c:504 [inline] RIP: 0010:arkfb_set_par+0x10fc/0x24c0 drivers/video/fbdev/arkfb.c:784 Call Trace: fb_set_var+0x604/0xeb0 drivers/video/fbdev/core/fbmem.c:1034 do_fb_ioctl+0x234/0x670 drivers/video/fbdev/core/fbmem.c:1110 fb_ioctl+0xdd/0x130 drivers/video/fbdev/core/fbmem.c:1189 Fix this by checking the argument of ark_set_pixclock() first. CVE-2022-50102 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50102.html CVE-2022-50102 https://bugzilla.suse.com/1244838 SUSE Bug 1244838 In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. CVE-2022-50104 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50104.html CVE-2022-50104 https://bugzilla.suse.com/1244836 SUSE Bug 1244836 In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for the references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() which have increased the refcount. Besides, we should call of_node_put() both in fail path or when the references are not used anymore. CVE-2022-50109 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50109.html CVE-2022-50109 https://bugzilla.suse.com/1244884 SUSE Bug 1244884 In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_commit_transaction unlink(dir/a) jh->b_transaction = trans1 jh->b_jlist = BJ_Metadata journal->j_running_transaction = NULL trans1->t_state = T_COMMIT unlink(dir/b) handle->h_trans = trans2 do_get_write_access jh->b_modified = 0 jh->b_frozen_data = frozen_buffer jh->b_next_transaction = trans2 jbd2_journal_dirty_metadata is_handle_aborted is_journal_aborted // return false --> jbd2 abort <-- while (commit_transaction->t_buffers) if (is_journal_aborted) jbd2_journal_refile_buffer __jbd2_journal_refile_buffer WRITE_ONCE(jh->b_transaction, jh->b_next_transaction) WRITE_ONCE(jh->b_next_transaction, NULL) __jbd2_journal_file_buffer(jh, BJ_Reserved) J_ASSERT_JH(jh, jh->b_frozen_data == NULL) // assertion failure ! The reproducer (See detail in [Link]) reports: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1629! invalid opcode: 0000 [#1] PREEMPT SMP CPU: 2 PID: 584 Comm: unlink Tainted: G W 5.19.0-rc6-00115-g4a57a8400075-dirty #697 RIP: 0010:jbd2_journal_dirty_metadata+0x3c5/0x470 RSP: 0018:ffffc90000be7ce0 EFLAGS: 00010202 Call Trace: <TASK> __ext4_handle_dirty_metadata+0xa0/0x290 ext4_handle_dirty_dirblock+0x10c/0x1d0 ext4_delete_entry+0x104/0x200 __ext4_unlink+0x22b/0x360 ext4_unlink+0x275/0x390 vfs_unlink+0x20b/0x4c0 do_unlinkat+0x42f/0x4c0 __x64_sys_unlink+0x37/0x50 do_syscall_64+0x35/0x80 After journal aborting, __jbd2_journal_refile_buffer() is executed with holding @jh->b_state_lock, we can fix it by moving 'is_handle_aborted()' into the area protected by @jh->b_state_lock. CVE-2022-50126 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50126.html CVE-2022-50126 https://bugzilla.suse.com/1244813 SUSE Bug 1244813 In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not released, which will lead to a memory leak. We should release the uctxt->groups with hfi1_free_ctxt_rcv_groups() when init_user_ctxt() fails. CVE-2022-50134 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50134.html CVE-2022-50134 https://bugzilla.suse.com/1244802 SUSE Bug 1244802 In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory leak. Add a cleanup-on-error path to fix these leaks. [bhelgaas: commit log] CVE-2022-50146 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50146.html CVE-2022-50146 https://bugzilla.suse.com/1244788 SUSE Bug 1244788 In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. CVE-2022-50152 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50152.html CVE-2022-50152 https://bugzilla.suse.com/1244783 SUSE Bug 1244783 In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. CVE-2022-50153 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50153.html CVE-2022-50153 https://bugzilla.suse.com/1244786 SUSE Bug 1244786 In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged in CI: WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154 Modules linked in: CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1 Hardware name: Qualcomm Technologies, Inc. DB820c (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : drm_modeset_lock+0xf8/0x154 lr : drm_atomic_get_private_obj_state+0x84/0x170 sp : ffff80000cfab6a0 x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00 x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58 x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001 x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038 x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0 x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47 x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610 x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000 x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029 x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58 Call trace: drm_modeset_lock+0xf8/0x154 drm_atomic_get_private_obj_state+0x84/0x170 mdp5_get_global_state+0x54/0x6c mdp5_pipe_release+0x2c/0xd4 mdp5_plane_atomic_check+0x2ec/0x414 drm_atomic_helper_check_planes+0xd8/0x210 drm_atomic_helper_check+0x54/0xb0 ... ---[ end trace 0000000000000000 ]--- drm_modeset_lock attempting to lock a contended lock without backoff: drm_modeset_lock+0x148/0x154 mdp5_get_global_state+0x30/0x6c mdp5_pipe_release+0x2c/0xd4 mdp5_plane_atomic_check+0x290/0x414 drm_atomic_helper_check_planes+0xd8/0x210 drm_atomic_helper_check+0x54/0xb0 drm_atomic_check_only+0x4b0/0x8f4 drm_atomic_commit+0x68/0xe0 Patchwork: https://patchwork.freedesktop.org/patch/492701/ CVE-2022-50173 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50173.html CVE-2022-50173 https://bugzilla.suse.com/1244992 SUSE Bug 1244992 In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed <IRQ> ... ath9k_hif_usb_rx_cb() ath9k_hif_usb_rx_stream() RX_STAT_INC() <--- htc_handle->drv_priv access In order to not add fancy protection for drv_priv we can move htc_handle->drv_priv initialization at the end of the ath9k_htc_probe_device() and add helper macro to make all *_STAT_* macros NULL safe, since syzbot has reported related NULL deref in that macros [1] CVE-2022-50179 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50179.html CVE-2022-50179 https://bugzilla.suse.com/1244886 SUSE Bug 1244886 In the Linux kernel, the following vulnerability has been resolved: virtio-gpu: fix a missing check to avoid NULL dereference 'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() and it will lead to a NULL dereference by a lately use of it (i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. [ kraxel: minor codestyle fixup ] CVE-2022-50181 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50181.html CVE-2022-50181 https://bugzilla.suse.com/1244901 SUSE Bug 1244901 In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. CVE-2022-50200 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50200.html CVE-2022-50200 https://bugzilla.suse.com/1245149 SUSE Bug 1245149 In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insn_emulation sysctls emulation_proc_handler() changes table->data for proc_dointvec_minmax and can generate the following Oops if called concurrently with itself: | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 | Internal error: Oops: 96000006 [#1] SMP | Call trace: | update_insn_emulation_mode+0xc0/0x148 | emulation_proc_handler+0x64/0xb8 | proc_sys_call_handler+0x9c/0xf8 | proc_sys_write+0x18/0x20 | __vfs_write+0x20/0x48 | vfs_write+0xe4/0x1d0 | ksys_write+0x70/0xf8 | __arm64_sys_write+0x20/0x28 | el0_svc_common.constprop.0+0x7c/0x1c0 | el0_svc_handler+0x2c/0xa0 | el0_svc+0x8/0x200 To fix this issue, keep the table->data as &insn->current_mode and use container_of() to retrieve the insn pointer. Another mutex is used to protect against the current_mode update but not for retrieving insn_emulation as table->data is no longer changing. CVE-2022-50206 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50206.html CVE-2022-50206 https://bugzilla.suse.com/1245152 SUSE Bug 1245152 In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10] Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682 CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x45/0x57a ? __lock_text_start+0x18/0x18 ? raid10_remove_disk+0x61/0x2a0 [raid10] kasan_report+0xa8/0xe0 ? raid10_remove_disk+0x61/0x2a0 [raid10] raid10_remove_disk+0x61/0x2a0 [raid10] Buffer I/O error on dev dm-76, logical block 15344, async page read ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0 remove_and_add_spares+0x367/0x8a0 [md_mod] ? super_written+0x1c0/0x1c0 [md_mod] ? mutex_trylock+0xac/0x120 ? _raw_spin_lock+0x72/0xc0 ? _raw_spin_lock_bh+0xc0/0xc0 md_check_recovery+0x848/0x960 [md_mod] raid10d+0xcf/0x3360 [raid10] ? sched_clock_cpu+0x185/0x1a0 ? rb_erase+0x4d4/0x620 ? var_wake_function+0xe0/0xe0 ? psi_group_change+0x411/0x500 ? preempt_count_sub+0xf/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? raid10_sync_request+0x36c0/0x36c0 [raid10] ? preempt_count_sub+0xf/0xc0 ? _raw_spin_unlock_irqrestore+0x19/0x40 ? del_timer_sync+0xa9/0x100 ? try_to_del_timer_sync+0xc0/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? _raw_spin_unlock_irq+0x11/0x24 ? __list_del_entry_valid+0x68/0xa0 ? finish_wait+0xa3/0x100 md_thread+0x161/0x260 [md_mod] ? unregister_md_personality+0xa0/0xa0 [md_mod] ? _raw_spin_lock_irqsave+0x78/0xc0 ? prepare_to_wait_event+0x2c0/0x2c0 ? unregister_md_personality+0xa0/0xa0 [md_mod] kthread+0x148/0x180 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 124495: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x80/0xa0 setup_conf+0x140/0x5c0 [raid10] raid10_run+0x4cd/0x740 [raid10] md_run+0x6f9/0x1300 [md_mod] raid_ctr+0x2531/0x4ac0 [dm_raid] dm_table_add_target+0x2b0/0x620 [dm_mod] table_load+0x1c8/0x400 [dm_mod] ctl_ioctl+0x29e/0x560 [dm_mod] dm_compat_ctl_ioctl+0x7/0x20 [dm_mod] __do_compat_sys_ioctl+0xfa/0x160 do_syscall_64+0x90/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 L __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff889108f3d200 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 0 bytes to the right of 256-byte region [ffff889108f3d200, ffff889108f3d300) The buggy address belongs to the physical page: page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=2) raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40 raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff889108f3d280: 00 00 ---truncated--- CVE-2022-50211 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50211.html CVE-2022-50211 https://bugzilla.suse.com/1245140 SUSE Bug 1245140 https://bugzilla.suse.com/1245141 SUSE Bug 1245141 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not allow SET_ID to refer to another table When doing lookups for sets on the same batch by using its ID, a set from a different table can be used. Then, when the table is removed, a reference to the set may be kept after the set is freed, leading to a potential use-after-free. When looking for sets by ID, use the table that was used for the lookup by name, and only return sets belonging to that same table. This fixes CVE-2022-2586, also reported as ZDI-CAN-17470. CVE-2022-50213 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50213.html CVE-2022-50213 https://bugzilla.suse.com/1244867 SUSE Bug 1244867 In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Allow waiting for commands to complete on removed device When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before the removal. This is problematic for commands that use SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel when userspace frees or reuses it after getting ENODEV, leading to corrupted userspace memory (in the case of READ-type commands) or corrupted data being sent to the device (in the case of WRITE-type commands). This has been seen in practice when logging out of a iscsi_tcp session, where the iSCSI driver may still be processing commands after the device has been marked for removal. Change the policy to allow userspace to wait for active sg commands even when the device is being removed. Return -ENODEV only when there are no more responses to read. CVE-2022-50215 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50215.html CVE-2022-50215 https://bugzilla.suse.com/1245138 SUSE Bug 1245138 In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop(). But in 2003, that was moved to ->disconnect() by historic commit "[PATCH] USB: usbnet, prevent exotic rtnl deadlock": https://git.kernel.org/tglx/history/c/0f138bbfd83c The change was made because back then, the kernel's workqueue implementation did not allow waiting for a single work. One had to wait for completion of *all* work by calling flush_scheduled_work(), and that could deadlock when waiting for usbnet_deferred_kevent() with rtnl_mutex held in ->ndo_stop(). The commit solved one problem but created another: It causes a use-after-free in USB Ethernet drivers aqc111.c, asix_devices.c, ax88179_178a.c, ch9200.c and smsc75xx.c: * If the drivers receive a link change interrupt immediately before disconnect, they raise EVENT_LINK_RESET in their (non-sleepable) ->status() callback and schedule usbnet_deferred_kevent(). * usbnet_deferred_kevent() invokes the driver's ->link_reset() callback, which calls netif_carrier_{on,off}(). * That in turn schedules the work linkwatch_event(). Because usbnet_deferred_kevent() is awaited after unregister_netdev(), netif_carrier_{on,off}() may operate on an unregistered netdev and linkwatch_event() may run after free_netdev(), causing a use-after-free. In 2010, usbnet was changed to only wait for a single instance of usbnet_deferred_kevent() instead of *all* work by commit 23f333a2bfaf ("drivers/net: don't use flush_scheduled_work()"). Unfortunately the commit neglected to move the wait back to ->ndo_stop(). Rectify that omission at long last. CVE-2022-50220 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2022-50220.html CVE-2022-50220 https://bugzilla.suse.com/1245348 SUSE Bug 1245348 A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. CVE-2023-1989 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-1989.html CVE-2023-1989 https://bugzilla.suse.com/1210336 SUSE Bug 1210336 https://bugzilla.suse.com/1210500 SUSE Bug 1210500 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). CVE-2023-3111 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-3111.html CVE-2023-3111 https://bugzilla.suse.com/1212051 SUSE Bug 1212051 https://bugzilla.suse.com/1220015 SUSE Bug 1220015 In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response. CVE-2023-52500 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-52500.html CVE-2023-52500 https://bugzilla.suse.com/1220883 SUSE Bug 1220883 In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. CVE-2023-52927 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-52927.html CVE-2023-52927 https://bugzilla.suse.com/1239644 SUSE Bug 1239644 https://bugzilla.suse.com/1246016 SUSE Bug 1246016 In the Linux kernel, the following vulnerability has been resolved: l2tp: close all race conditions in l2tp_tunnel_register() The code in l2tp_tunnel_register() is racy in several ways: 1. It modifies the tunnel socket _after_ publishing it. 2. It calls setup_udp_tunnel_sock() on an existing socket without locking. 3. It changes sock lock class on fly, which triggers many syzbot reports. This patch amends all of them by moving socket initialization code before publishing and under sock lock. As suggested by Jakub, the l2tp lockdep class is not necessary as we can just switch to bh_lock_sock_nested(). CVE-2023-53020 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53020.html CVE-2023-53020 https://bugzilla.suse.com/1240224 SUSE Bug 1240224 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2023-53063 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53063.html CVE-2023-53063 https://bugzilla.suse.com/1242216 SUSE Bug 1242216 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after failed write When buffered write fails to copy data into underlying page cache page, ocfs2_write_end_nolock() just zeroes out and dirties the page. This can leave dirty page beyond EOF and if page writeback tries to write this page before write succeeds and expands i_size, page gets into inconsistent state where page dirty bit is clear but buffer dirty bits stay set resulting in page data never getting written and so data copied to the page is lost. Fix the problem by invalidating page beyond EOF after failed write. CVE-2023-53081 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53081.html CVE-2023-53081 https://bugzilla.suse.com/1242281 SUSE Bug 1242281 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfd_wait_on_events() function, the kfd_event_waiter structure is allocated by alloc_event_waiters(), but the event field of the waiter structure is not initialized; When copy_from_user() fails in the kfd_wait_on_events() function, it will enter exception handling to release the previously allocated memory of the waiter structure; Due to the event field of the waiters structure being accessed in the free_waiters() function, this results in illegal memory access and system crash, here is the crash log: localhost kernel: RIP: 0010:native_queued_spin_lock_slowpath+0x185/0x1e0 localhost kernel: RSP: 0018:ffffaa53c362bd60 EFLAGS: 00010082 localhost kernel: RAX: ff3d3d6bff4007cb RBX: 0000000000000282 RCX: 00000000002c0000 localhost kernel: RDX: ffff9e855eeacb80 RSI: 000000000000279c RDI: ffffe7088f6a21d0 localhost kernel: RBP: ffffe7088f6a21d0 R08: 00000000002c0000 R09: ffffaa53c362be64 localhost kernel: R10: ffffaa53c362bbd8 R11: 0000000000000001 R12: 0000000000000002 localhost kernel: R13: ffff9e7ead15d600 R14: 0000000000000000 R15: ffff9e7ead15d698 localhost kernel: FS: 0000152a3d111700(0000) GS:ffff9e855ee80000(0000) knlGS:0000000000000000 localhost kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 localhost kernel: CR2: 0000152938000010 CR3: 000000044d7a4000 CR4: 00000000003506e0 localhost kernel: Call Trace: localhost kernel: _raw_spin_lock_irqsave+0x30/0x40 localhost kernel: remove_wait_queue+0x12/0x50 localhost kernel: kfd_wait_on_events+0x1b6/0x490 [hydcu] localhost kernel: ? ftrace_graph_caller+0xa0/0xa0 localhost kernel: kfd_ioctl+0x38c/0x4a0 [hydcu] localhost kernel: ? kfd_ioctl_set_trap_handler+0x70/0x70 [hydcu] localhost kernel: ? kfd_ioctl_create_queue+0x5a0/0x5a0 [hydcu] localhost kernel: ? ftrace_graph_caller+0xa0/0xa0 localhost kernel: __x64_sys_ioctl+0x8e/0xd0 localhost kernel: ? syscall_trace_enter.isra.18+0x143/0x1b0 localhost kernel: do_syscall_64+0x33/0x80 localhost kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9 localhost kernel: RIP: 0033:0x152a4dff68d7 Allocate the structure with kcalloc, and remove redundant 0-initialization and a redundant loop condition check. CVE-2023-53090 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53090.html CVE-2023-53090 https://bugzilla.suse.com/1242753 SUSE Bug 1242753 In the Linux kernel, the following vulnerability has been resolved: ext4: update s_journal_inum if it changes after journal replay When mounting a crafted ext4 image, s_journal_inum may change after journal replay, which is obviously unreasonable because we have successfully loaded and replayed the journal through the old s_journal_inum. And the new s_journal_inum bypasses some of the checks in ext4_get_journal(), which may trigger a null pointer dereference problem. So if s_journal_inum changes after the journal replay, we ignore the change, and rewrite the current journal_inum to the superblock. CVE-2023-53091 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53091.html CVE-2023-53091 https://bugzilla.suse.com/1242767 SUSE Bug 1242767 In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() When the buffer length of the recvmsg system call is 0, we got the flollowing soft lockup problem: watchdog: BUG: soft lockup - CPU#3 stuck for 27s! [a.out:6149] CPU: 3 PID: 6149 Comm: a.out Kdump: loaded Not tainted 6.2.0+ #30 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:remove_wait_queue+0xb/0xc0 Code: 5e 41 5f c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 57 <41> 56 41 55 41 54 55 48 89 fd 53 48 89 f3 4c 8d 6b 18 4c 8d 73 20 RSP: 0018:ffff88811b5978b8 EFLAGS: 00000246 RAX: 0000000000000000 RBX: ffff88811a7d3780 RCX: ffffffffb7a4d768 RDX: dffffc0000000000 RSI: ffff88811b597908 RDI: ffff888115408040 RBP: 1ffff110236b2f1b R08: 0000000000000000 R09: ffff88811a7d37e7 R10: ffffed10234fa6fc R11: 0000000000000001 R12: ffff88811179b800 R13: 0000000000000001 R14: ffff88811a7d38a8 R15: ffff88811a7d37e0 FS: 00007f6fb5398740(0000) GS:ffff888237180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000010b6ba002 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> tcp_msg_wait_data+0x279/0x2f0 tcp_bpf_recvmsg_parser+0x3c6/0x490 inet_recvmsg+0x280/0x290 sock_recvmsg+0xfc/0x120 ____sys_recvmsg+0x160/0x3d0 ___sys_recvmsg+0xf0/0x180 __sys_recvmsg+0xea/0x1a0 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc The logic in tcp_bpf_recvmsg_parser is as follows: msg_bytes_ready: copied = sk_msg_recvmsg(sk, psock, msg, len, flags); if (!copied) { wait data; goto msg_bytes_ready; } In this case, "copied" always is 0, the infinite loop occurs. According to the Linux system call man page, 0 should be returned in this case. Therefore, in tcp_bpf_recvmsg_parser(), if the length is 0, directly return. Also modify several other functions with the same problem. CVE-2023-53133 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53133.html CVE-2023-53133 https://bugzilla.suse.com/1242423 SUSE Bug 1242423 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove. CVE-2023-53145 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2023-53145.html CVE-2023-53145 https://bugzilla.suse.com/1243047 SUSE Bug 1243047 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a different TCAM region where the filters are stored. During forwarding, the ACLs are sequentially evaluated until a match is found. One reason to place filters in different regions is when they are added with decreasing priorities and in an alternating order so that two consecutive filters can never fit in the same region because of their key usage. In Spectrum-2 and newer ASICs the firmware started to report that the maximum number of ACLs in a group is more than 16, but the layout of the register that configures ACL groups (PAGT) was not updated to account for that. It is therefore possible to hit stack corruption [1] in the rare case where more than 16 ACLs in a group are required. Fix by limiting the maximum ACL group size to the minimum between what the firmware reports and the maximum ACLs that fit in the PAGT register. Add a test case to make sure the machine does not crash when this condition is hit. [1] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120 [...] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b CVE-2024-26586 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-26586.html CVE-2024-26586 https://bugzilla.suse.com/1220243 SUSE Bug 1220243 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that which leads to skb leak. As by design the rx_data_reassembly skb is bound to the NCI device and nothing prevents the device to be freed before the skb is processed in some way and cleaned, free it on the NCI device cleanup. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. CVE-2024-26825 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-26825.html CVE-2024-26825 https://bugzilla.suse.com/1223065 SUSE Bug 1223065 In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place. Instead, only register the event handler after srpt device initialization is complete. CVE-2024-26872 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-26872.html CVE-2024-26872 https://bugzilla.suse.com/1223115 SUSE Bug 1223115 In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline] pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272 Freed by task 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline] pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158 [Analyze] Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue. [Fix] Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue. CVE-2024-26875 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-26875.html CVE-2024-26875 https://bugzilla.suse.com/1223118 SUSE Bug 1223118 In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI. CVE-2024-35790 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-35790.html CVE-2024-35790 https://bugzilla.suse.com/1224712 SUSE Bug 1224712 In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism that prevents this physindev from been freed under us (for instance neigh_flush_dev doesn't cleanup skbs from different device's neigh queue) we can crash on e.g. this stack: arp_process neigh_update skb = __skb_dequeue(&neigh->arp_queue) neigh_resolve_output(..., skb) ... br_nf_dev_xmit br_nf_pre_routing_finish_bridge_slow skb->dev = nf_bridge->physindev br_handle_frame_finish Let's use plain ifindex instead of net_device link. To peek into the original net_device we will use dev_get_by_index_rcu(). Thus either we get device and are safe to use it or we don't get it and drop skb. CVE-2024-35839 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-35839.html CVE-2024-35839 https://bugzilla.suse.com/1224726 SUSE Bug 1224726 In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly. CVE-2024-36959 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-36959.html CVE-2024-36959 https://bugzilla.suse.com/1225839 SUSE Bug 1225839 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem(). CVE-2024-38588 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-38588.html CVE-2024-38588 https://bugzilla.suse.com/1226837 SUSE Bug 1226837 In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The xfrm_state_hash_generation seqlock ensures a retry, but the hash functions can observe a hmask value that is too large for the new hlist array. rehash does: rcu_assign_pointer(net->xfrm.state_bydst, ndst) [..] net->xfrm.state_hmask = nhashmask; While state lookup does: h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family); hlist_for_each_entry_rcu(x, net->xfrm.state_bydst + h, bydst) { This is only safe in case the update to state_bydst is larger than net->xfrm.xfrm_state_hmask (or if the lookup function gets serialized via state spinlock again). Fix this by prefetching state_hmask and the associated pointers. The xfrm_state_hash_generation seqlock retry will ensure that the pointer and the hmask will be consistent. The existing helpers, like xfrm_dst_hash(), are now unsafe for RCU side, add lockdep assertions to document that they are only safe for insert side. xfrm_state_lookup_byaddr() uses the spinlock rather than RCU. AFAICS this is an oversight from back when state lookup was converted to RCU, this lock should be replaced with RCU in a future patch. CVE-2024-57982 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2024-57982.html CVE-2024-57982 https://bugzilla.suse.com/1237913 SUSE Bug 1237913 In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in function_stat_show() Check whether denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} produce zero and skip stddev computation in that case. For now don't care about rec->counter * rec->counter overflow because rec->time * rec->time overflow will likely happen earlier. CVE-2025-21898 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-21898.html CVE-2025-21898 https://bugzilla.suse.com/1240610 SUSE Bug 1240610 In the Linux kernel, the following vulnerability has been resolved: vlan: enforce underlying device type Currently, VLAN devices can be created on top of non-ethernet devices. Besides the fact that it doesn't make much sense, this also causes a bug which leaks the address of a kernel function to usermode. When creating a VLAN device, we initialize GARP (garp_init_applicant) and MRP (mrp_init_applicant) for the underlying device. As part of the initialization process, we add the multicast address of each applicant to the underlying device, by calling dev_mc_add. __dev_mc_add uses dev->addr_len to determine the length of the new multicast address. This causes an out-of-bounds read if dev->addr_len is greater than 6, since the multicast addresses provided by GARP and MRP are only 6 bytes long. This behaviour can be reproduced using the following commands: ip tunnel add gretest mode ip6gre local ::1 remote ::2 dev lo ip l set up dev gretest ip link add link gretest name vlantest type vlan id 100 Then, the following command will display the address of garp_pdu_rcv: ip maddr show | grep 01:80:c2:00:00:21 Fix the bug by enforcing the type of the underlying device during VLAN device initialization. CVE-2025-21920 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-21920.html CVE-2025-21920 https://bugzilla.suse.com/1240686 SUSE Bug 1240686 In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal. CVE-2025-21971 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-21971.html CVE-2025-21971 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 https://bugzilla.suse.com/1245794 SUSE Bug 1245794 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if puting a 'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(), and executing the following script: $ echo function_graph > current_tracer $ cat trace > /dev/null & $ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point $ echo timerlat > current_tracer The root cause lies in the two calls to print_graph_function_flags within print_trace_line during each s_show(): * One through 'iter->trace->print_line()'; * Another through 'event->funcs->trace()', which is hidden in print_trace_fmt() before print_trace_line returns. Tracer switching only updates the former, while the latter continues to use the print_line function of the old tracer, which in the script above is print_graph_function_flags. Moreover, when switching from the 'function_graph' tracer to the 'timerlat' tracer, s_start only calls graph_trace_close of the 'function_graph' tracer to free 'iter->private', but does not set it to NULL. This provides an opportunity for 'event->funcs->trace()' to use an invalid 'iter->private'. To fix this issue, set 'iter->private' to NULL immediately after freeing it in graph_trace_close(), ensuring that an invalid pointer is not passed to other tracers. Additionally, clean up the unnecessary 'iter->private = NULL' during each 'cat trace' when using wakeup and irqsoff tracers. [1] https://lore.kernel.org/all/20231112150030.84609-1-ryncsn@gmail.com/ CVE-2025-22035 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-22035.html CVE-2025-22035 https://bugzilla.suse.com/1241544 SUSE Bug 1241544 In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can lead to a spurious tpm_chip_start() call: [35985.503771] i2c i2c-1: Transfer while suspended [35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810 [35985.503802] Modules linked in: [35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f [35985.503814] Tainted: [W]=WARN [35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023 [35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810 [35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5 [35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246 [35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000 [35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001 [35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820 [35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120 [35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000 [35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0 [35985.503855] Call Trace: [35985.503859] <TASK> [35985.503863] ? __warn+0xd4/0x260 [35985.503868] ? __i2c_transfer+0xbe/0x810 [35985.503874] ? report_bug+0xf3/0x210 [35985.503882] ? handle_bug+0x63/0xb0 [35985.503887] ? exc_invalid_op+0x16/0x50 [35985.503892] ? asm_exc_invalid_op+0x16/0x20 [35985.503904] ? __i2c_transfer+0xbe/0x810 [35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0 [35985.503920] tpm_cr50_i2c_read+0x8e/0x120 [35985.503928] tpm_cr50_request_locality+0x75/0x170 [35985.503935] tpm_chip_start+0x116/0x160 [35985.503942] tpm_try_get_ops+0x57/0x90 [35985.503948] tpm_find_get_ops+0x26/0xd0 [35985.503955] tpm_get_random+0x2d/0x80 Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in such a failure case. CVE-2025-23149 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-23149.html CVE-2025-23149 https://bugzilla.suse.com/1242758 SUSE Bug 1242758 In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago. Supporting disconnect is really hard, for one thing if offload is enabled we'd need to wait for all packets to be _acked_. Disconnect is not commonly used, disallow it. The immediate problem syzbot run into is the warning in the strp, but that's just the easiest bug to trigger: WARNING: CPU: 0 PID: 5834 at net/tls/tls_strp.c:486 tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 RIP: 0010:tls_strp_msg_load+0x72e/0xa80 net/tls/tls_strp.c:486 Call Trace: <TASK> tls_rx_rec_wait+0x280/0xa60 net/tls/tls_sw.c:1363 tls_sw_recvmsg+0x85c/0x1c30 net/tls/tls_sw.c:2043 inet6_recvmsg+0x2c9/0x730 net/ipv6/af_inet6.c:678 sock_recvmsg_nosec net/socket.c:1023 [inline] sock_recvmsg+0x109/0x280 net/socket.c:1045 __sys_recvfrom+0x202/0x380 net/socket.c:2237 CVE-2025-37756 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37756.html CVE-2025-37756 https://bugzilla.suse.com/1242515 SUSE Bug 1242515 In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for system-importance messages is overloaded, tipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to memory leak and failure when a skb is allocated. This commit fixes this issue by purging the skb list before tipc_link_xmit() returns. CVE-2025-37757 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37757.html CVE-2025-37757 https://bugzilla.suse.com/1242521 SUSE Bug 1242521 In the Linux kernel, the following vulnerability has been resolved: i2c: cros-ec-tunnel: defer probe if parent EC is not present When i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent device will not be found, leading to NULL pointer dereference. That can also be reproduced by unbinding the controller driver and then loading i2c-cros-ec-tunnel module (or binding the device). [ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058 [ 271.998215] #PF: supervisor read access in kernel mode [ 272.003351] #PF: error_code(0x0000) - not-present page [ 272.008485] PGD 0 P4D 0 [ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI [ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5 [ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC [ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021 [ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel] [ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9 [ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282 [ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000 [ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00 [ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000 [ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000 [ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10 [ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000 [ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0 [ 272.129155] Call Trace: [ 272.131606] <TASK> [ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110 [ 272.137985] platform_probe+0x69/0xa0 [ 272.141652] really_probe+0x152/0x310 [ 272.145318] __driver_probe_device+0x77/0x110 [ 272.149678] driver_probe_device+0x1e/0x190 [ 272.153864] __driver_attach+0x10b/0x1e0 [ 272.157790] ? driver_attach+0x20/0x20 [ 272.161542] bus_for_each_dev+0x107/0x150 [ 272.165553] bus_add_driver+0x15d/0x270 [ 272.169392] driver_register+0x65/0x110 [ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698] [ 272.182617] do_one_initcall+0x110/0x350 [ 272.186543] ? security_kernfs_init_security+0x49/0xd0 [ 272.191682] ? __kernfs_new_node+0x1b9/0x240 [ 272.195954] ? security_kernfs_init_security+0x49/0xd0 [ 272.201093] ? __kernfs_new_node+0x1b9/0x240 [ 272.205365] ? kernfs_link_sibling+0x105/0x130 [ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0 [ 272.214773] ? kernfs_activate+0x57/0x70 [ 272.218699] ? kernfs_add_one+0x118/0x160 [ 272.222710] ? __kernfs_create_file+0x71/0xa0 [ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110 [ 272.232033] ? internal_create_group+0x453/0x4a0 [ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0 [ 272.241355] ? __free_frozen_pages+0x1dc/0x420 [ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0 [ 272.250505] ? load_module+0x1509/0x16f0 [ 272.254431] do_init_module+0x60/0x230 [ 272.258181] __se_sys_finit_module+0x27a/0x370 [ 272.262627] do_syscall_64+0x6a/0xf0 [ 272.266206] ? do_syscall_64+0x76/0xf0 [ 272.269956] ? irqentry_exit_to_user_mode+0x79/0x90 [ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 272.279887] RIP: 0033:0x7b9309168d39 [ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8 [ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000 ---truncated--- CVE-2025-37781 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37781.html CVE-2025-37781 https://bugzilla.suse.com/1242575 SUSE Bug 1242575 In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver from a valid pointer to NULL may result in crash. Fix this by using READ_ONCE() when fetching the pointer, and take bus' drivers klist lock to make sure driver instance will not disappear while we access it. Use WRITE_ONCE() when setting the driver pointer to ensure there is no tearing. CVE-2025-37800 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37800.html CVE-2025-37800 https://bugzilla.suse.com/1242849 SUSE Bug 1242849 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Call trace: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34 CVE-2025-37810 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37810.html CVE-2025-37810 https://bugzilla.suse.com/1242906 SUSE Bug 1242906 In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge() If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register(). Found by code review. [bhelgaas: squash Dan Carpenter's double free fix from https://lore.kernel.org/r/db806a6c-a91b-4e5a-a84b-6b7e01bdac85@stanley.mountain] CVE-2025-37836 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37836.html CVE-2025-37836 https://bugzilla.suse.com/1242957 SUSE Bug 1242957 In the Linux kernel, the following vulnerability has been resolved: cifs: avoid NULL pointer dereference in dbg call cifs_server_dbg() implies server to be non-NULL so move call under condition to avoid NULL pointer dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37844 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37844.html CVE-2025-37844 https://bugzilla.suse.com/1242946 SUSE Bug 1242946 In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function triggered a null pointer dereference if used to search for a report that isn't implemented on the device. This happened both for optional and required reports alike. The same logic was applied to pidff_find_special_field and although pidff_init_fields should return an error earlier if one of the required reports is missing, future modifications could change this logic and resurface this possible null pointer dereference again. LKML bug report: https://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com CVE-2025-37862 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37862.html CVE-2025-37862 https://bugzilla.suse.com/1242982 SUSE Bug 1242982 In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob() In INFTL_findwriteunit(), the return value of inftl_read_oob() need to be checked. A proper implementation can be found in INFTL_deleteblock(). The status will be set as SECTOR_IGNORE to break from the while-loop correctly if the inftl_read_oob() fails. CVE-2025-37892 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37892.html CVE-2025-37892 https://bugzilla.suse.com/1243536 SUSE Bug 1243536 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix out-of-bound memcpy() during ethtool -w When retrieving the FW coredump using ethtool, it can sometimes cause memory corruption: BUG: KFENCE: memory corruption in __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] Corrupted memory at 0x000000008f0f30e8 [ ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ] (in kfence-#45): __bnxt_get_coredump+0x3ef/0x670 [bnxt_en] ethtool_get_dump_data+0xdc/0x1a0 __dev_ethtool+0xa1e/0x1af0 dev_ethtool+0xa8/0x170 dev_ioctl+0x1b5/0x580 sock_do_ioctl+0xab/0xf0 sock_ioctl+0x1ce/0x2e0 __x64_sys_ioctl+0x87/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x78/0x80 ... This happens when copying the coredump segment list in bnxt_hwrm_dbg_dma_data() with the HWRM_DBG_COREDUMP_LIST FW command. The info->dest_buf buffer is allocated based on the number of coredump segments returned by the FW. The segment list is then DMA'ed by the FW and the length of the DMA is returned by FW. The driver then copies this DMA'ed segment list to info->dest_buf. In some cases, this DMA length may exceed the info->dest_buf length and cause the above BUG condition. Fix it by capping the copy length to not exceed the length of info->dest_buf. The extra DMA data contains no useful information. This code path is shared for the HWRM_DBG_COREDUMP_LIST and the HWRM_DBG_COREDUMP_RETRIEVE FW commands. The buffering is different for these 2 FW commands. To simplify the logic, we need to move the line to adjust the buffer length for HWRM_DBG_COREDUMP_RETRIEVE up, so that the new check to cap the copy length will work for both commands. CVE-2025-37911 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37911.html CVE-2025-37911 https://bugzilla.suse.com/1243469 SUSE Bug 1243469 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] BUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 Write of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260 CPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 __asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106 trace_seq_to_buffer kernel/trace/trace.c:1830 [inline] tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822 .... ================================================================== It has been reported that trace_seq_to_buffer() tries to copy more data than PAGE_SIZE to buf. Therefore, to prevent this, we should use the smaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument. CVE-2025-37923 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37923.html CVE-2025-37923 https://bugzilla.suse.com/1243551 SUSE Bug 1243551 In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn't take into account the lengths of individual hid and uid buffers so the check is insufficient in some cases. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. The same applies to the hid string with length 13 and uid string with length 250. Check the length of hid and uid strings separately to prevent buffer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. CVE-2025-37927 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37927.html CVE-2025-37927 https://bugzilla.suse.com/1243620 SUSE Bug 1243620 In the Linux kernel, the following vulnerability has been resolved: dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. CVE-2025-37928 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37928.html CVE-2025-37928 https://bugzilla.suse.com/1243621 SUSE Bug 1243621 In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies that the input value of saddr should be ignored but the code is still reading it which can prevent to connect the route. Fix it by changing the argument to ret_saddr. [1] BUG: KMSAN: uninit-value in do_output_route4+0x42c/0x4d0 net/netfilter/ipvs/ip_vs_xmit.c:147 do_output_route4+0x42c/0x4d0 net/netfilter/ipvs/ip_vs_xmit.c:147 __ip_vs_get_out_rt+0x403/0x21d0 net/netfilter/ipvs/ip_vs_xmit.c:330 ip_vs_tunnel_xmit+0x205/0x2380 net/netfilter/ipvs/ip_vs_xmit.c:1136 ip_vs_in_hook+0x1aa5/0x35b0 net/netfilter/ipvs/ip_vs_core.c:2063 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf7/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] __ip_local_out+0x758/0x7e0 net/ipv4/ip_output.c:118 ip_local_out net/ipv4/ip_output.c:127 [inline] ip_send_skb+0x6a/0x3c0 net/ipv4/ip_output.c:1501 udp_send_skb+0xfda/0x1b70 net/ipv4/udp.c:1195 udp_sendmsg+0x2fe3/0x33c0 net/ipv4/udp.c:1483 inet_sendmsg+0x1fc/0x280 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x267/0x380 net/socket.c:727 ____sys_sendmsg+0x91b/0xda0 net/socket.c:2566 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2620 __sys_sendmmsg+0x41d/0x880 net/socket.c:2702 __compat_sys_sendmmsg net/compat.c:360 [inline] __do_compat_sys_sendmmsg net/compat.c:367 [inline] __se_compat_sys_sendmmsg net/compat.c:364 [inline] __ia32_compat_sys_sendmmsg+0xc8/0x140 net/compat.c:364 ia32_sys_call+0x3ffa/0x41f0 arch/x86/include/generated/asm/syscalls_32.h:346 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e Uninit was created at: slab_post_alloc_hook mm/slub.c:4167 [inline] slab_alloc_node mm/slub.c:4210 [inline] __kmalloc_cache_noprof+0x8fa/0xe00 mm/slub.c:4367 kmalloc_noprof include/linux/slab.h:905 [inline] ip_vs_dest_dst_alloc net/netfilter/ipvs/ip_vs_xmit.c:61 [inline] __ip_vs_get_out_rt+0x35d/0x21d0 net/netfilter/ipvs/ip_vs_xmit.c:323 ip_vs_tunnel_xmit+0x205/0x2380 net/netfilter/ipvs/ip_vs_xmit.c:1136 ip_vs_in_hook+0x1aa5/0x35b0 net/netfilter/ipvs/ip_vs_core.c:2063 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf7/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] __ip_local_out+0x758/0x7e0 net/ipv4/ip_output.c:118 ip_local_out net/ipv4/ip_output.c:127 [inline] ip_send_skb+0x6a/0x3c0 net/ipv4/ip_output.c:1501 udp_send_skb+0xfda/0x1b70 net/ipv4/udp.c:1195 udp_sendmsg+0x2fe3/0x33c0 net/ipv4/udp.c:1483 inet_sendmsg+0x1fc/0x280 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x267/0x380 net/socket.c:727 ____sys_sendmsg+0x91b/0xda0 net/socket.c:2566 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2620 __sys_sendmmsg+0x41d/0x880 net/socket.c:2702 __compat_sys_sendmmsg net/compat.c:360 [inline] __do_compat_sys_sendmmsg net/compat.c:367 [inline] __se_compat_sys_sendmmsg net/compat.c:364 [inline] __ia32_compat_sys_sendmmsg+0xc8/0x140 net/compat.c:364 ia32_sys_call+0x3ffa/0x41f0 arch/x86/include/generated/asm/syscalls_32.h:346 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/syscall_32.c:306 do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:369 entry_SYSENTER_compat_after_hwframe+0x84/0x8e CPU: 0 UID: 0 PID: 22408 Comm: syz.4.5165 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(undef) Hardware name: Google Google Compute Engi ---truncated--- CVE-2025-37961 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37961.html CVE-2025-37961 https://bugzilla.suse.com/1243523 SUSE Bug 1243523 In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missing blk_mq_sysfs_unregister() call in the error path to properly clean up these resources and prevent a memory leak. CVE-2025-37980 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37980.html CVE-2025-37980 https://bugzilla.suse.com/1243522 SUSE Bug 1243522 In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. CVE-2025-37982 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37982.html CVE-2025-37982 https://bugzilla.suse.com/1243524 SUSE Bug 1243524 In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. This could result in NULL pointer dereference when we only check sch->limit against sch->q.qlen. This patch introduces a new helper, qdisc_dequeue_internal(), which ensures both the gso_skb list and the main queue are properly flushed when trimming excess packets. All relevant qdiscs (codel, fq, fq_codel, fq_pie, hhf, pie) are updated to use this helper in their ->change() routines. CVE-2025-37992 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37992.html CVE-2025-37992 https://bugzilla.suse.com/1243698 SUSE Bug 1243698 In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe. CVE-2025-37995 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37995.html CVE-2025-37995 https://bugzilla.suse.com/1243827 SUSE Bug 1243827 In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed attributes are processed. CVE-2025-37998 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-37998.html CVE-2025-37998 https://bugzilla.suse.com/1243836 SUSE Bug 1243836 In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog have not yet been updated, leading to inconsistent queue accounting. This can leave an empty HFSC class in the active list, causing further consequences like use-after-free. This patch fixes the bug by moving the increment of sch->q.qlen and sch->qstats.backlog before the call to the child qdisc's peek() operation. This ensures that queue length and backlog are always accurate when packet drops or dequeues are triggered during the peek. CVE-2025-38000 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38000.html CVE-2025-38000 https://bugzilla.suse.com/1244277 SUSE Bug 1244277 https://bugzilla.suse.com/1245775 SUSE Bug 1245775 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too. CVE-2025-38004 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38004.html CVE-2025-38004 https://bugzilla.suse.com/1244274 SUSE Bug 1244274 In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfs_get_lock_context in unlock path When memory is insufficient, the allocation of nfs_lock_context in nfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat an nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM) as valid and proceed to execute rpc_run_task(), this will trigger a NULL pointer dereference in nfs4_locku_prepare. For example: BUG: kernel NULL pointer dereference, address: 000000000000000c PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 15 UID: 0 PID: 12 Comm: kworker/u64:0 Not tainted 6.15.0-rc2-dirty #60 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 Workqueue: rpciod rpc_async_schedule RIP: 0010:nfs4_locku_prepare+0x35/0xc2 Code: 89 f2 48 89 fd 48 c7 c7 68 69 ef b5 53 48 8b 8e 90 00 00 00 48 89 f3 RSP: 0018:ffffbbafc006bdb8 EFLAGS: 00010246 RAX: 000000000000004b RBX: ffff9b964fc1fa00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: fffffffffffffff4 RDI: ffff9ba53fddbf40 RBP: ffff9ba539934000 R08: 0000000000000000 R09: ffffbbafc006bc38 R10: ffffffffb6b689c8 R11: 0000000000000003 R12: ffff9ba539934030 R13: 0000000000000001 R14: 0000000004248060 R15: ffffffffb56d1c30 FS: 0000000000000000(0000) GS:ffff9ba5881f0000(0000) knlGS:00000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000c CR3: 000000093f244000 CR4: 00000000000006f0 Call Trace: <TASK> __rpc_execute+0xbc/0x480 rpc_async_schedule+0x2f/0x40 process_one_work+0x232/0x5d0 worker_thread+0x1da/0x3d0 ? __pfx_worker_thread+0x10/0x10 kthread+0x10d/0x240 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Modules linked in: CR2: 000000000000000c ---[ end trace 0000000000000000 ]--- Free the allocated nfs4_unlockdata when nfs_get_lock_context() fails and return NULL to terminate subsequent rpc_run_task, preventing NULL pointer dereference. CVE-2025-38023 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38023.html CVE-2025-38023 https://bugzilla.suse.com/1245004 SUSE Bug 1245004 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xcf/0x610 mm/kasan/report.c:489 kasan_report+0xb5/0xe0 mm/kasan/report.c:602 rxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195 rxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132 __rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232 rxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109 create_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052 ib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095 ib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679 vfs_write fs/read_write.c:677 [inline] vfs_write+0x26a/0xcc0 fs/read_write.c:659 ksys_write+0x1b8/0x200 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f In the function rxe_create_cq, when rxe_cq_from_init fails, the function rxe_cleanup will be called to handle the allocated resources. In fact, some memory resources have already been freed in the function rxe_cq_from_init. Thus, this problem will occur. The solution is to let rxe_cleanup do all the work. CVE-2025-38024 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38024.html CVE-2025-38024 https://bugzilla.suse.com/1245025 SUSE Bug 1245025 In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() Honour the user given buffer size for the strn_len() calls (otherwise strn_len() will access memory outside of the user given buffer). CVE-2025-38061 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38061.html CVE-2025-38061 https://bugzilla.suse.com/1245440 SUSE Bug 1245440 In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm driver: Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm] Code and flow: 1) CXL Command 4000h returns LSA size = 0 2) config_size is assigned to zero LSA size (CXL pmem driver): drivers/cxl/pmem.c: .config_size = mds->lsa_size, 3) max_xfer is set to zero (nvdimm driver): drivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size); 4) A subsequent DIV_ROUND_UP() causes a division by zero: drivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */ drivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer, drivers/nvdimm/label.c- config_size); Fix this by checking the config size parameter by extending an existing check. CVE-2025-38072 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38072.html CVE-2025-38072 https://bugzilla.suse.com/1244743 SUSE Bug 1244743 In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF because the accessed runtime->dma_area might be freed concurrently, as it's performed outside the PCM ops. For avoiding it, move the code into the PCM core and perform it inside the buffer access lock, so that it won't be changed during the operation. CVE-2025-38078 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38078.html CVE-2025-38078 https://bugzilla.suse.com/1244737 SUSE Bug 1244737 In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock. CVE-2025-38083 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kernel-default-kgraft-devel-4.12.14-122.266.1 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-1-8.5.1 SUSE Linux Enterprise Server 12 SP5-LTSS:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-default-man-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server 12 SP5-LTSS:ocfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:cluster-md-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dlm-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gfs2-kmp-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-base-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-default-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-devel-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-macros-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-source-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:kernel-syms-4.12.14-122.266.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:ocfs2-kmp-default-4.12.14-122.266.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502334-1/ https://www.suse.com/security/cve/CVE-2025-38083.html CVE-2025-38083 https://bugzilla.suse.com/1245183 SUSE Bug 1245183 https://bugzilla.suse.com/1245350 SUSE Bug 1245350