Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02848-1 Final 1 1 2025-08-18T15:55:27Z current 2025-08-18T15:55:27Z 2025-08-18T15:55:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50211: md-raid10: fix KASAN warning (bsc#1245140). - CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). - CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104). - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217). - CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037). - CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186). - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2025-2848,SUSE-2025-2848,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2848,SUSE-SLE-Product-HA-15-SP3-2025-2848,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2848,SUSE-SUSE-MicroOS-5.1-2025-2848,SUSE-SUSE-MicroOS-5.2-2025-2848,SUSE-Storage-7.1-2025-2848 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ Link for SUSE-SU-2025:02848-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041248.html E-Mail link for SUSE-SU-2025:02848-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1210629 SUSE Bug 1210629 https://bugzilla.suse.com/1233551 SUSE Bug 1233551 https://bugzilla.suse.com/1234863 SUSE Bug 1234863 https://bugzilla.suse.com/1236104 SUSE Bug 1236104 https://bugzilla.suse.com/1236333 SUSE Bug 1236333 https://bugzilla.suse.com/1239644 SUSE Bug 1239644 https://bugzilla.suse.com/1242414 SUSE Bug 1242414 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 https://bugzilla.suse.com/1245140 SUSE Bug 1245140 https://bugzilla.suse.com/1245217 SUSE Bug 1245217 https://bugzilla.suse.com/1245711 SUSE Bug 1245711 https://bugzilla.suse.com/1245986 SUSE Bug 1245986 https://bugzilla.suse.com/1246000 SUSE Bug 1246000 https://bugzilla.suse.com/1246029 SUSE Bug 1246029 https://bugzilla.suse.com/1246037 SUSE Bug 1246037 https://bugzilla.suse.com/1246045 SUSE Bug 1246045 https://bugzilla.suse.com/1246186 SUSE Bug 1246186 https://bugzilla.suse.com/1247347 SUSE Bug 1247347 https://bugzilla.suse.com/1247348 SUSE Bug 1247348 https://bugzilla.suse.com/1247349 SUSE Bug 1247349 https://www.suse.com/security/cve/CVE-2022-50211/ SUSE CVE CVE-2022-50211 page https://www.suse.com/security/cve/CVE-2023-2176/ SUSE CVE CVE-2023-2176 page https://www.suse.com/security/cve/CVE-2023-52923/ SUSE CVE CVE-2023-52923 page https://www.suse.com/security/cve/CVE-2023-52927/ SUSE CVE CVE-2023-52927 page https://www.suse.com/security/cve/CVE-2024-53057/ SUSE CVE CVE-2024-53057 page https://www.suse.com/security/cve/CVE-2024-53164/ SUSE CVE CVE-2024-53164 page https://www.suse.com/security/cve/CVE-2024-57947/ SUSE CVE CVE-2024-57947 page https://www.suse.com/security/cve/CVE-2025-37797/ SUSE CVE CVE-2025-37797 page https://www.suse.com/security/cve/CVE-2025-37798/ SUSE CVE CVE-2025-37798 page https://www.suse.com/security/cve/CVE-2025-38079/ SUSE CVE CVE-2025-38079 page https://www.suse.com/security/cve/CVE-2025-38120/ SUSE CVE CVE-2025-38120 page https://www.suse.com/security/cve/CVE-2025-38177/ SUSE CVE CVE-2025-38177 page https://www.suse.com/security/cve/CVE-2025-38181/ SUSE CVE CVE-2025-38181 page https://www.suse.com/security/cve/CVE-2025-38200/ SUSE CVE CVE-2025-38200 page https://www.suse.com/security/cve/CVE-2025-38212/ SUSE CVE CVE-2025-38212 page https://www.suse.com/security/cve/CVE-2025-38213/ SUSE CVE CVE-2025-38213 page https://www.suse.com/security/cve/CVE-2025-38257/ SUSE CVE CVE-2025-38257 page https://www.suse.com/security/cve/CVE-2025-38494/ SUSE CVE CVE-2025-38494 page https://www.suse.com/security/cve/CVE-2025-38495/ SUSE CVE CVE-2025-38495 page https://www.suse.com/security/cve/CVE-2025-38497/ SUSE CVE CVE-2025-38497 page Container suse/sle-micro-rancher/5.2:latest SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability Extension 15 SP3 SUSE Linux Enterprise Live Patching 15 SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-5.3.18-150300.59.215.1 cluster-md-kmp-64kb-5.3.18-150300.59.215.1 cluster-md-kmp-default-5.3.18-150300.59.215.1 cluster-md-kmp-preempt-5.3.18-150300.59.215.1 dlm-kmp-64kb-5.3.18-150300.59.215.1 dlm-kmp-default-5.3.18-150300.59.215.1 dlm-kmp-preempt-5.3.18-150300.59.215.1 dtb-al-5.3.18-150300.59.215.1 dtb-allwinner-5.3.18-150300.59.215.1 dtb-altera-5.3.18-150300.59.215.1 dtb-amd-5.3.18-150300.59.215.1 dtb-amlogic-5.3.18-150300.59.215.1 dtb-apm-5.3.18-150300.59.215.1 dtb-arm-5.3.18-150300.59.215.1 dtb-broadcom-5.3.18-150300.59.215.1 dtb-cavium-5.3.18-150300.59.215.1 dtb-exynos-5.3.18-150300.59.215.1 dtb-freescale-5.3.18-150300.59.215.1 dtb-hisilicon-5.3.18-150300.59.215.1 dtb-lg-5.3.18-150300.59.215.1 dtb-marvell-5.3.18-150300.59.215.1 dtb-mediatek-5.3.18-150300.59.215.1 dtb-nvidia-5.3.18-150300.59.215.1 dtb-qcom-5.3.18-150300.59.215.1 dtb-renesas-5.3.18-150300.59.215.1 dtb-rockchip-5.3.18-150300.59.215.1 dtb-socionext-5.3.18-150300.59.215.1 dtb-sprd-5.3.18-150300.59.215.1 dtb-xilinx-5.3.18-150300.59.215.1 dtb-zte-5.3.18-150300.59.215.1 gfs2-kmp-64kb-5.3.18-150300.59.215.1 gfs2-kmp-default-5.3.18-150300.59.215.1 gfs2-kmp-preempt-5.3.18-150300.59.215.1 kernel-64kb-5.3.18-150300.59.215.1 kernel-64kb-devel-5.3.18-150300.59.215.1 kernel-64kb-extra-5.3.18-150300.59.215.1 kernel-64kb-optional-5.3.18-150300.59.215.1 kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 kernel-default-base-rebuild-5.3.18-150300.59.215.1.150300.18.128.1 kernel-default-devel-5.3.18-150300.59.215.1 kernel-default-extra-5.3.18-150300.59.215.1 kernel-default-livepatch-5.3.18-150300.59.215.1 kernel-default-livepatch-devel-5.3.18-150300.59.215.1 kernel-default-optional-5.3.18-150300.59.215.1 kernel-devel-5.3.18-150300.59.215.1 kernel-docs-5.3.18-150300.59.215.1 kernel-docs-html-5.3.18-150300.59.215.1 kernel-kvmsmall-5.3.18-150300.59.215.1 kernel-kvmsmall-devel-5.3.18-150300.59.215.1 kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 kernel-livepatch-5_3_18-150300_59_215-preempt-1-150300.7.3.1 kernel-macros-5.3.18-150300.59.215.1 kernel-obs-build-5.3.18-150300.59.215.1 kernel-obs-qa-5.3.18-150300.59.215.1 kernel-preempt-5.3.18-150300.59.215.1 kernel-preempt-devel-5.3.18-150300.59.215.1 kernel-preempt-extra-5.3.18-150300.59.215.1 kernel-preempt-optional-5.3.18-150300.59.215.1 kernel-source-5.3.18-150300.59.215.1 kernel-source-vanilla-5.3.18-150300.59.215.1 kernel-syms-5.3.18-150300.59.215.1 kernel-zfcpdump-5.3.18-150300.59.215.1 kselftests-kmp-64kb-5.3.18-150300.59.215.1 kselftests-kmp-default-5.3.18-150300.59.215.1 kselftests-kmp-preempt-5.3.18-150300.59.215.1 ocfs2-kmp-64kb-5.3.18-150300.59.215.1 ocfs2-kmp-default-5.3.18-150300.59.215.1 ocfs2-kmp-preempt-5.3.18-150300.59.215.1 reiserfs-kmp-64kb-5.3.18-150300.59.215.1 reiserfs-kmp-default-5.3.18-150300.59.215.1 reiserfs-kmp-preempt-5.3.18-150300.59.215.1 kernel-default-5.3.18-150300.59.215.1 as a component of Container suse/sle-micro-rancher/5.2:latest kernel-64kb-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-64kb-devel-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-default-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 as a component of SUSE Enterprise Storage 7.1 kernel-default-devel-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-devel-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-docs-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-macros-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-obs-build-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-preempt-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-preempt-devel-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-source-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 kernel-syms-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 reiserfs-kmp-default-5.3.18-150300.59.215.1 as a component of SUSE Enterprise Storage 7.1 cluster-md-kmp-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 dlm-kmp-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 gfs2-kmp-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 ocfs2-kmp-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 kernel-default-livepatch-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-default-livepatch-devel-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 as a component of SUSE Linux Enterprise Micro 5.1 kernel-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Micro 5.2 kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 as a component of SUSE Linux Enterprise Micro 5.2 kernel-64kb-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-64kb-devel-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-devel-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-devel-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-docs-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-macros-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-obs-build-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-preempt-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-preempt-devel-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-source-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-syms-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-zfcpdump-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS reiserfs-kmp-default-5.3.18-150300.59.215.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: slab-out-of-bounds in raid10_remove_disk+0x61/0x2a0 [raid10] Read of size 8 at addr ffff889108f3d300 by task mdX_raid10/124682 CPU: 3 PID: 124682 Comm: mdX_raid10 Not tainted 5.19.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x45/0x57a ? __lock_text_start+0x18/0x18 ? raid10_remove_disk+0x61/0x2a0 [raid10] kasan_report+0xa8/0xe0 ? raid10_remove_disk+0x61/0x2a0 [raid10] raid10_remove_disk+0x61/0x2a0 [raid10] Buffer I/O error on dev dm-76, logical block 15344, async page read ? __mutex_unlock_slowpath.constprop.0+0x1e0/0x1e0 remove_and_add_spares+0x367/0x8a0 [md_mod] ? super_written+0x1c0/0x1c0 [md_mod] ? mutex_trylock+0xac/0x120 ? _raw_spin_lock+0x72/0xc0 ? _raw_spin_lock_bh+0xc0/0xc0 md_check_recovery+0x848/0x960 [md_mod] raid10d+0xcf/0x3360 [raid10] ? sched_clock_cpu+0x185/0x1a0 ? rb_erase+0x4d4/0x620 ? var_wake_function+0xe0/0xe0 ? psi_group_change+0x411/0x500 ? preempt_count_sub+0xf/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? raid10_sync_request+0x36c0/0x36c0 [raid10] ? preempt_count_sub+0xf/0xc0 ? _raw_spin_unlock_irqrestore+0x19/0x40 ? del_timer_sync+0xa9/0x100 ? try_to_del_timer_sync+0xc0/0xc0 ? _raw_spin_lock_irqsave+0x78/0xc0 ? __lock_text_start+0x18/0x18 ? _raw_spin_unlock_irq+0x11/0x24 ? __list_del_entry_valid+0x68/0xa0 ? finish_wait+0xa3/0x100 md_thread+0x161/0x260 [md_mod] ? unregister_md_personality+0xa0/0xa0 [md_mod] ? _raw_spin_lock_irqsave+0x78/0xc0 ? prepare_to_wait_event+0x2c0/0x2c0 ? unregister_md_personality+0xa0/0xa0 [md_mod] kthread+0x148/0x180 ? kthread_complete_and_exit+0x20/0x20 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 124495: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x80/0xa0 setup_conf+0x140/0x5c0 [raid10] raid10_run+0x4cd/0x740 [raid10] md_run+0x6f9/0x1300 [md_mod] raid_ctr+0x2531/0x4ac0 [dm_raid] dm_table_add_target+0x2b0/0x620 [dm_mod] table_load+0x1c8/0x400 [dm_mod] ctl_ioctl+0x29e/0x560 [dm_mod] dm_compat_ctl_ioctl+0x7/0x20 [dm_mod] __do_compat_sys_ioctl+0xfa/0x160 do_syscall_64+0x90/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 L __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Second to last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x9e/0xc0 kvfree_call_rcu+0x84/0x480 timerfd_release+0x82/0x140 __fput+0xfa/0x400 task_work_run+0x80/0xc0 exit_to_user_mode_prepare+0x155/0x160 syscall_exit_to_user_mode+0x12/0x40 do_syscall_64+0x42/0xc0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The buggy address belongs to the object at ffff889108f3d200 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 0 bytes to the right of 256-byte region [ffff889108f3d200, ffff889108f3d300) The buggy address belongs to the physical page: page:000000007ef2a34c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1108f3c head:000000007ef2a34c order:2 compound_mapcount:0 compound_pincount:0 flags: 0x4000000000010200(slab|head|zone=2) raw: 4000000000010200 0000000000000000 dead000000000001 ffff889100042b40 raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff889108f3d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff889108f3d280: 00 00 ---truncated--- CVE-2022-50211 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2022-50211.html CVE-2022-50211 https://bugzilla.suse.com/1245140 SUSE Bug 1245140 https://bugzilla.suse.com/1245141 SUSE Bug 1245141 A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. CVE-2023-2176 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2023-2176.html CVE-2023-2176 https://bugzilla.suse.com/1210629 SUSE Bug 1210629 https://bugzilla.suse.com/1210630 SUSE Bug 1210630 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _DEAD bit from the sync GC path since this runs in control plane path where mutex is held. In this case, set elements are deactivated, removed and then released via RCU callback, sync GC never fails. CVE-2023-52923 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2023-52923.html CVE-2023-52923 https://bugzilla.suse.com/1236104 SUSE Bug 1236104 In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. CVE-2023-52927 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2023-52927.html CVE-2023-52927 https://bugzilla.suse.com/1239644 SUSE Bug 1239644 https://bugzilla.suse.com/1246016 SUSE Bug 1246016 In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) CVE-2024-53057 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2024-53057.html CVE-2024-53057 https://bugzilla.suse.com/1233551 SUSE Bug 1233551 https://bugzilla.suse.com/1245816 SUSE Bug 1245816 In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. CVE-2024-53164 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2024-53164.html CVE-2024-53164 https://bugzilla.suse.com/1234863 SUSE Bug 1234863 https://bugzilla.suse.com/1246019 SUSE Bug 1246019 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result and the fill map are swapped, so if we have a set where f->bsize of the first element is smaller than m->bsize_max, those one-bits are leaked into future rounds result map. This makes pipapo find an incorrect matching results for sets where first field size is not the largest. Followup patch adds a test case to nft_concat_range.sh selftest script. Thanks to Stefano Brivio for pointing out that we need to zero out the remainder explicitly, only correcting memset() argument isn't enough. CVE-2024-57947 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2024-57947.html CVE-2024-57947 https://bugzilla.suse.com/1236333 SUSE Bug 1236333 https://bugzilla.suse.com/1245799 SUSE Bug 1245799 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied. CVE-2025-37797 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-37797.html CVE-2025-37797 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 https://bugzilla.suse.com/1245793 SUSE Bug 1245793 In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue(). CVE-2025-37798 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-37798.html CVE-2025-37798 https://bugzilla.suse.com/1242414 SUSE Bug 1242414 https://bugzilla.suse.com/1242417 SUSE Bug 1242417 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error. CVE-2025-38079 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38079.html CVE-2025-38079 https://bugzilla.suse.com/1245217 SUSE Bug 1245217 https://bugzilla.suse.com/1245218 SUSE Bug 1245218 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early fix was incomplete and did only fix up the generic C implementation. A followup patch adds a test case to nft_concat_range.sh. CVE-2025-38120 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38120.html CVE-2025-38120 https://bugzilla.suse.com/1245711 SUSE Bug 1245711 In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe. CVE-2025-38177 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38177.html CVE-2025-38177 https://bugzilla.suse.com/1245986 SUSE Bug 1245986 https://bugzilla.suse.com/1246356 SUSE Bug 1246356 In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_full_sk() in calipso_req_setattr(). Since commit a1a5344ddbe8 ("tcp: avoid two atomic ops for syncookies"), reqsk->rsk_listener could be NULL when SYN Cookie is returned to its client, as hinted by the leading SYN Cookie log. Here are 3 options to fix the bug: 1) Return 0 in calipso_req_setattr() 2) Return an error in calipso_req_setattr() 3) Alaways set rsk_listener 1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie for CALIPSO. 3) is also no go as there have been many efforts to reduce atomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood"). As of the blamed commit, SYN Cookie already did not need refcounting, and no one has stumbled on the bug for 9 years, so no CALIPSO user will care about SYN Cookie. Let's return an error in calipso_req_setattr() and calipso_req_delattr() in the SYN Cookie case. This can be reproduced by [1] on Fedora and now connect() of nc times out. [0]: TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:read_pnet include/net/net_namespace.h:406 [inline] RIP: 0010:sock_net include/net/sock.h:655 [inline] RIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806 Code: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b RSP: 0018:ffff88811af89038 EFLAGS: 00010216 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400 RDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030 RBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e R10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000 R13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050 FS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0 PKRU: 80000000 Call Trace: <IRQ> ipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288 calipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204 calipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597 netlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249 selinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342 selinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551 security_inet_conn_request+0x50/0xa0 security/security.c:4945 tcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825 tcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275 tcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328 tcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781 tcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667 tcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904 ip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436 ip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480 NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netfilter.h:308 [inline] ip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491 dst_input include/net/dst.h:469 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:79 [inline] ip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69 NF_HOOK include/linux/netfilter.h:314 [inline] NF_HOOK include/linux/netf ---truncated--- CVE-2025-38181 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38181.html CVE-2025-38181 https://bugzilla.suse.com/1246000 SUSE Bug 1246000 https://bugzilla.suse.com/1246001 SUSE Bug 1246001 In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer underflow by changing the type of related variables. CVE-2025-38200 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38200.html CVE-2025-38200 https://bugzilla.suse.com/1246045 SUSE Bug 1246045 https://bugzilla.suse.com/1246046 SUSE Bug 1246046 In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read. Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned(). CVE-2025-38212 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38212.html CVE-2025-38212 https://bugzilla.suse.com/1246029 SUSE Bug 1246029 https://bugzilla.suse.com/1246030 SUSE Bug 1246030 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. CVE-2025-38213 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38213.html CVE-2025-38213 https://bugzilla.suse.com/1246037 SUSE Bug 1246037 https://bugzilla.suse.com/1246039 SUSE Bug 1246039 In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in calculation of size passed to memdup_user() may overflow. In this case the actual size of the allocated area and the value describing it won't be in sync leading to various types of unpredictable behaviour later. Use a proper memdup_array_user() helper which returns an error if an overflow is detected. Note that it is different from when nr_apqns is initially zero - that case is considered valid and should be handled in subsequent pkey_handler implementations. Found by Linux Verification Center (linuxtesting.org). CVE-2025-38257 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38257.html CVE-2025-38257 https://bugzilla.suse.com/1246186 SUSE Bug 1246186 https://bugzilla.suse.com/1246189 SUSE Bug 1246189 In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used. CVE-2025-38494 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38494.html CVE-2025-38494 https://bugzilla.suse.com/1247349 SUSE Bug 1247349 https://bugzilla.suse.com/1247350 SUSE Bug 1247350 In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7. CVE-2025-38495 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38495.html CVE-2025-38495 https://bugzilla.suse.com/1247348 SUSE Bug 1247348 https://bugzilla.suse.com/1247351 SUSE Bug 1247351 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating that the length 'l' is greater than zero. This patch fixes the vulnerability by adding a check at the beginning of os_desc_qw_sign_store() and webusb_landingPage_store() to handle the zero-length input case gracefully by returning immediately. CVE-2025-38497 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.215.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_215-default-1-150300.7.3.1 SUSE Linux Enterprise Micro 5.1:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.1:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.215.1.150300.18.128.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.215.1 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.215.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502848-1/ https://www.suse.com/security/cve/CVE-2025-38497.html CVE-2025-38497 https://bugzilla.suse.com/1247347 SUSE Bug 1247347