Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:03485-1 Final 1 1 2025-10-08T00:36:00Z current 2025-10-08T00:36:00Z 2025-10-08T00:36:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5) This update for the Linux Kernel 4.12.14-122_266 fixes one issue. The following security issue was fixed: - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3485,SUSE-SLE-Live-Patching-12-SP5-2025-3485 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202503485-1/ Link for SUSE-SU-2025:03485-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042023.html E-Mail link for SUSE-SU-2025:03485-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1247315 SUSE Bug 1247315 https://www.suse.com/security/cve/CVE-2025-38477/ SUSE CVE CVE-2025-38477 page SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_266-default-5-2.1 kgraft-patch-4_12_14-122_266-default-5-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free. This patch addresses the issue by: 1. Moved qfq_destroy_class into the critical section. 2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats. CVE-2025-38477 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202503485-1/ https://www.suse.com/security/cve/CVE-2025-38477.html CVE-2025-38477 https://bugzilla.suse.com/1247314 SUSE Bug 1247314 https://bugzilla.suse.com/1247315 SUSE Bug 1247315