Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02844-2 Final 1 1 2025-09-18T13:20:50Z current 2025-09-18T13:20:50Z 2025-09-18T13:20:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50211: md-raid10: fix KASAN warning (bsc#1245140). - CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2844,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2025-2844 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ Link for SUSE-SU-2025:02844-2 https://lists.suse.com/pipermail/sle-updates/2025-September/041775.html E-Mail link for SUSE-SU-2025:02844-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233551 SUSE Bug 1233551 https://bugzilla.suse.com/1234863 SUSE Bug 1234863 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 https://bugzilla.suse.com/1242780 SUSE Bug 1242780 https://bugzilla.suse.com/1245140 SUSE Bug 1245140 https://bugzilla.suse.com/1245217 SUSE Bug 1245217 https://bugzilla.suse.com/1246037 SUSE Bug 1246037 https://bugzilla.suse.com/1246045 SUSE Bug 1246045 https://www.suse.com/security/cve/CVE-2022-50211/ SUSE CVE CVE-2022-50211 page https://www.suse.com/security/cve/CVE-2023-53117/ SUSE CVE CVE-2023-53117 page https://www.suse.com/security/cve/CVE-2024-53057/ SUSE CVE CVE-2024-53057 page https://www.suse.com/security/cve/CVE-2024-53164/ SUSE CVE CVE-2024-53164 page https://www.suse.com/security/cve/CVE-2025-21971/ SUSE CVE CVE-2025-21971 page https://www.suse.com/security/cve/CVE-2025-38079/ SUSE CVE CVE-2025-38079 page https://www.suse.com/security/cve/CVE-2025-38200/ SUSE CVE CVE-2025-38200 page https://www.suse.com/security/cve/CVE-2025-38213/ SUSE CVE CVE-2025-38213 page SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-debug-3.0.101-108.189.1 kernel-debug-base-3.0.101-108.189.1 kernel-debug-devel-3.0.101-108.189.1 kernel-debug-extra-3.0.101-108.189.1 kernel-debug-hmac-3.0.101-108.189.1 kernel-default-3.0.101-108.189.1 kernel-default-base-3.0.101-108.189.1 kernel-default-devel-3.0.101-108.189.1 kernel-default-extra-3.0.101-108.189.1 kernel-default-hmac-3.0.101-108.189.1 kernel-docs-3.0.101-108.189.1 kernel-ec2-3.0.101-108.189.1 kernel-ec2-base-3.0.101-108.189.1 kernel-ec2-devel-3.0.101-108.189.1 kernel-ec2-extra-3.0.101-108.189.1 kernel-ec2-hmac-3.0.101-108.189.1 kernel-pae-3.0.101-108.189.1 kernel-pae-base-3.0.101-108.189.1 kernel-pae-devel-3.0.101-108.189.1 kernel-pae-extra-3.0.101-108.189.1 kernel-pae-hmac-3.0.101-108.189.1 kernel-source-3.0.101-108.189.1 kernel-source-vanilla-3.0.101-108.189.1 kernel-syms-3.0.101-108.189.1 kernel-trace-3.0.101-108.189.1 kernel-trace-base-3.0.101-108.189.1 kernel-trace-devel-3.0.101-108.189.1 kernel-trace-extra-3.0.101-108.189.1 kernel-trace-hmac-3.0.101-108.189.1 kernel-vanilla-3.0.101-108.189.1 kernel-vanilla-base-3.0.101-108.189.1 kernel-vanilla-devel-3.0.101-108.189.1 kernel-vanilla-hmac-3.0.101-108.189.1 kernel-xen-3.0.101-108.189.1 kernel-xen-base-3.0.101-108.189.1 kernel-xen-devel-3.0.101-108.189.1 kernel-xen-extra-3.0.101-108.189.1 kernel-xen-hmac-3.0.101-108.189.1 kernel-default-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-base-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-devel-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-docs-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-base-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-devel-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-source-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-syms-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-base-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-devel-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-base-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-devel-3.0.101-108.189.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10] Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682 CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x45/0x57a ? __lock_text_start+0x18/0x18 ? raid10_remove_disk+0x61/0x2a0 [raid10] kasan_report+0xa8/0xe0 ? raid10_remove_disk+0x61/0x2a0 [raid10] raid10_remove_disk+0x61/0x2a0 [raid10] Buffer I/O error on dev dm-76, logical block 15344, async page read ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0 remove_and_add_spares+0x367/0x8a0 [md_mod] ? super_written+0x1c0/0x1c0 [md_mod] ? mutex_trylock+0xac/0x120 ? _raw_spin_lock+0x72/0xc0 ? _raw_spin_lock_bh+0xc0/0xc0 md_check_recovery+0x848/0x960 [md_mod] raid10d+0xcf/0x3360 [raid10] ? sched_clock_cpu+0x185/0x1a0 ? rb_erase+0x4d4/0x620 ? var_wake_function+0xe0/0xe0 ? psi_group_change+0x411/0x500 ? preempt_count_sub+0xf/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? raid10_sync_request+0x36c0/0x36c0 [raid10] ? preempt_count_sub+0xf/0xc0 ? _raw_spin_unlock_irqrestore+0x19/0x40 ? del_timer_sync+0xa9/0x100 ? try_to_del_timer_sync+0xc0/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? _raw_spin_unlock_irq+0x11/0x24 ? __list_del_entry_valid+0x68/0xa0 ? finish_wait+0xa3/0x100 md_thread+0x161/0x260 [md_mod] ? unregister_md_personality+0xa0/0xa0 [md_mod] ? _raw_spin_lock_irqsave+0x78/0xc0 ? prepare_to_wait_event+0x2c0/0x2c0 ? unregister_md_personality+0xa0/0xa0 [md_mod] kthread+0x148/0x180 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 124495: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x80/0xa0 setup_conf+0x140/0x5c0 [raid10] raid10_run+0x4cd/0x740 [raid10] md_run+0x6f9/0x1300 [md_mod] raid_ctr+0x2531/0x4ac0 [dm_raid] dm_table_add_target+0x2b0/0x620 [dm_mod] table_load+0x1c8/0x400 [dm_mod] ctl_ioctl+0x29e/0x560 [dm_mod] dm_compat_ctl_ioctl+0x7/0x20 [dm_mod] __do_compat_sys_ioctl+0xfa/0x160 do_syscall_64+0x90/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 L __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff889108f3d200 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 0 bytes to the right of 256-byte region [ffff889108f3d200, ffff889108f3d300) The buggy address belongs to the physical page: page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=2) raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40 raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff889108f3d280: 00 00 ---truncated--- CVE-2022-50211 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2022-50211.html CVE-2022-50211 https://bugzilla.suse.com/1245140 SUSE Bug 1245140 https://bugzilla.suse.com/1245141 SUSE Bug 1245141 In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 CVE-2023-53117 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2023-53117.html CVE-2023-53117 https://bugzilla.suse.com/1242780 SUSE Bug 1242780 In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) CVE-2024-53057 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2024-53057.html CVE-2024-53057 https://bugzilla.suse.com/1233551 SUSE Bug 1233551 https://bugzilla.suse.com/1245816 SUSE Bug 1245816 In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. CVE-2024-53164 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2024-53164.html CVE-2024-53164 https://bugzilla.suse.com/1234863 SUSE Bug 1234863 https://bugzilla.suse.com/1246019 SUSE Bug 1246019 In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal. CVE-2025-21971 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2025-21971.html CVE-2025-21971 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 https://bugzilla.suse.com/1245794 SUSE Bug 1245794 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error. CVE-2025-38079 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2025-38079.html CVE-2025-38079 https://bugzilla.suse.com/1245217 SUSE Bug 1245217 https://bugzilla.suse.com/1245218 SUSE Bug 1245218 In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the type of related variables. CVE-2025-38200 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2025-38200.html CVE-2025-38200 https://bugzilla.suse.com/1246045 SUSE Bug 1246045 https://bugzilla.suse.com/1246046 SUSE Bug 1246046 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-38213 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.189.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.189.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502844-2/ https://www.suse.com/security/cve/CVE-2025-38213.html CVE-2025-38213 https://bugzilla.suse.com/1246037 SUSE Bug 1246037 https://bugzilla.suse.com/1246039 SUSE Bug 1246039