Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03188-1 Final 1 1 2025-09-12T06:33:49Z current 2025-09-12T06:33:49Z 2025-09-12T06:33:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5) This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues. The following security issues were fixed: - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246030). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3188,SUSE-SLE-Module-Live-Patching-15-SP5-2025-3188 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503188-1/ Link for SUSE-SU-2025:03188-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041667.html E-Mail link for SUSE-SU-2025:03188-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1245805 SUSE Bug 1245805 https://bugzilla.suse.com/1246030 SUSE Bug 1246030 https://www.suse.com/security/cve/CVE-2025-21701/ SUSE CVE CVE-2025-21701 page https://www.suse.com/security/cve/CVE-2025-38212/ SUSE CVE CVE-2025-38212 page SUSE Linux Enterprise Live Patching 15 SP5 kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1 kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace: <TASK> ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e This is because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, eg. set_channels in the above example. In this example the rss lock would be destroyed by the device unregistration path before being used again, but in general running ethnl operations while dismantle has started is not a good idea. Fix this by denying any operation on devices being unregistered. A check was already there in ethnl_ops_begin, but not wide enough. Note that the same issue cannot be seen on the ioctl version (__dev_ethtool) because the device reference is retrieved from within the rtnl lock section there. Once dismantle started, the net device is unlisted and no reference will be found. CVE-2025-21701 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503188-1/ https://www.suse.com/security/cve/CVE-2025-21701.html CVE-2025-21701 https://bugzilla.suse.com/1237164 SUSE Bug 1237164 https://bugzilla.suse.com/1245805 SUSE Bug 1245805 In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() is protected by rwsem, but this is not enough. If it is not protected by RCU read-critical region, when idr_for_each() calls radix_tree_node_free() through call_rcu() to free the radix_tree_node structure, the node will be freed immediately, and when reading the next node in radix_tree_for_each_slot(), the already freed memory may be read. Therefore, we need to add code to make sure that idr_for_each() is protected within the RCU read-critical region when we call it in shm_destroy_orphaned(). CVE-2025-38212 SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-4-150500.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503188-1/ https://www.suse.com/security/cve/CVE-2025-38212.html CVE-2025-38212 https://bugzilla.suse.com/1246029 SUSE Bug 1246029 https://bugzilla.suse.com/1246030 SUSE Bug 1246030