Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3683-1 Final 1 1 2025-10-20T17:05:06Z current 2025-10-20T17:05:06Z 2025-10-20T17:05:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 51 for SLE 15 SP3) This update for the Linux Kernel 5.3.18-150300_59_185 fixes several issues. The following security issues were fixed: - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673). - CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3683,SUSE-SLE-Module-Live-Patching-15-SP3-2025-3683 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253683-1/ Link for SUSE-SU-2025:3683-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042223.html E-Mail link for SUSE-SU-2025:3683-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1245794 SUSE Bug 1245794 https://bugzilla.suse.com/1246075 SUSE Bug 1246075 https://bugzilla.suse.com/1248673 SUSE Bug 1248673 https://bugzilla.suse.com/1248749 SUSE Bug 1248749 https://www.suse.com/security/cve/CVE-2025-21971/ SUSE CVE CVE-2025-21971 page https://www.suse.com/security/cve/CVE-2025-38206/ SUSE CVE CVE-2025-38206 page https://www.suse.com/security/cve/CVE-2025-38499/ SUSE CVE CVE-2025-38499 page https://www.suse.com/security/cve/CVE-2025-38644/ SUSE CVE CVE-2025-38644 page SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1 kernel-livepatch-5_3_18-150300_59_185-preempt-14-150300.2.1 kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1 as a component of SUSE Linux Enterprise Live Patching 15 SP3 In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created with classid TC_H_ROOT, the traversal terminates prematurely at this class instead of reaching the actual root qdisc, causing parent statistics to be incorrectly maintained. In case of DRR, this could lead to a crash as reported by Mingi Cho. Prevent the creation of any Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) across all qdisc types, as suggested by Jamal. CVE-2025-21971 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253683-1/ https://www.suse.com/security/cve/CVE-2025-21971.html CVE-2025-21971 https://bugzilla.suse.com/1240799 SUSE Bug 1240799 https://bugzilla.suse.com/1245794 SUSE Bug 1245794 In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : free ->vol_utbl exfat_load_default_upcase_table : return error exfat_kill_sb() delayed_free() exfat_free_upcase_table() <--------- double free This patch set ->vol_util as NULL after freeing it. CVE-2025-38206 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253683-1/ https://www.suse.com/security/cve/CVE-2025-38206.html CVE-2025-38206 https://bugzilla.suse.com/1246073 SUSE Bug 1246073 https://bugzilla.suse.com/1246075 SUSE Bug 1246075 In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above. CVE-2025-38499 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253683-1/ https://www.suse.com/security/cve/CVE-2025-38499.html CVE-2025-38499 https://bugzilla.suse.com/1247976 SUSE Bug 1247976 https://bugzilla.suse.com/1248673 SUSE Bug 1248673 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated. CVE-2025-38644 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_185-default-14-150300.2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253683-1/ https://www.suse.com/security/cve/CVE-2025-38644.html CVE-2025-38644 https://bugzilla.suse.com/1248748 SUSE Bug 1248748 https://bugzilla.suse.com/1248749 SUSE Bug 1248749