Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02936-1 Final 1 1 2025-08-21T09:03:55Z current 2025-08-21T09:03:55Z 2025-08-21T09:03:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP4) This update for the Linux Kernel 5.14.21-150400_24_170 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350). - CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351). - CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2936,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2936 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502936-1/ Link for SUSE-SU-2025:02936-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041323.html E-Mail link for SUSE-SU-2025:02936-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1232927 SUSE Bug 1232927 https://bugzilla.suse.com/1245218 SUSE Bug 1245218 https://bugzilla.suse.com/1247350 SUSE Bug 1247350 https://bugzilla.suse.com/1247351 SUSE Bug 1247351 https://www.suse.com/security/cve/CVE-2025-38079/ SUSE CVE CVE-2025-38079 page https://www.suse.com/security/cve/CVE-2025-38494/ SUSE CVE CVE-2025-38494 page https://www.suse.com/security/cve/CVE-2025-38495/ SUSE CVE CVE-2025-38495 page SUSE Linux Enterprise Live Patching 15 SP4 kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1 kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error. CVE-2025-38079 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502936-1/ https://www.suse.com/security/cve/CVE-2025-38079.html CVE-2025-38079 https://bugzilla.suse.com/1245217 SUSE Bug 1245217 https://bugzilla.suse.com/1245218 SUSE Bug 1245218 In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those checks and allowed invalid paramto be used. CVE-2025-38494 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502936-1/ https://www.suse.com/security/cve/CVE-2025-38494.html CVE-2025-38494 https://bugzilla.suse.com/1247349 SUSE Bug 1247349 https://bugzilla.suse.com/1247350 SUSE Bug 1247350 In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account for that extra byte, meaning that instead of having 8 guaranteed bytes for implement to be working, we only have 7. CVE-2025-38495 SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_170-default-2-150400.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502936-1/ https://www.suse.com/security/cve/CVE-2025-38495.html CVE-2025-38495 https://bugzilla.suse.com/1247348 SUSE Bug 1247348 https://bugzilla.suse.com/1247351 SUSE Bug 1247351