Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1121-1 Final 1 1 2025-04-02T16:33:30Z current 2025-04-02T16:33:30Z 2025-04-02T16:33:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 49 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_179 fixes one issue. The following security issue was fixed: - CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1233023). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1121,SUSE-SLE-Module-Live-Patching-15-SP3-2025-1121 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251121-1/ Link for SUSE-SU-2025:1121-1 https://lists.suse.com/pipermail/sle-updates/2025-April/038894.html E-Mail link for SUSE-SU-2025:1121-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233023 SUSE Bug 1233023 https://www.suse.com/security/cve/CVE-2022-49025/ SUSE CVE CVE-2022-49025 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_179-default-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_179-preempt-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_179-default-6-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the assignment in attr->dests[num_vport_dests].termtbl which case a use-after-free when releasing the rule. Fix by resetting the assignment of termtbl to null. CVE-2022-49025 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_179-default-6-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251121-1/ https://www.suse.com/security/cve/CVE-2022-49025.html CVE-2022-49025 https://bugzilla.suse.com/1231960 SUSE Bug 1231960 https://bugzilla.suse.com/1233023 SUSE Bug 1233023