Security update for the Linux Kernel (Live Patch 72 for SLE 12 SP5) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3684-1 Final 1 1 2025-10-20T18:03:48Z current 2025-10-20T18:03:48Z 2025-10-20T18:03:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 72 for SLE 12 SP5) This update for the Linux Kernel 4.12.14-122_272 fixes one issue. The following security issue was fixed: - CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250302). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3684,SUSE-SLE-Live-Patching-12-SP5-2025-3684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253684-1/ Link for SUSE-SU-2025:3684-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042222.html E-Mail link for SUSE-SU-2025:3684-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250302 SUSE Bug 1250302 https://www.suse.com/security/cve/CVE-2022-50386/ SUSE CVE CVE-2022-50386 page SUSE Linux Enterprise Live Patching 12 SP5 kgraft-patch-4_12_14-122_272-default-2-2.1 kgraft-patch-4_12_14-122_272-default-2-2.1 as a component of SUSE Linux Enterprise Live Patching 12 SP5 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix user-after-free This uses l2cap_chan_hold_unless_zero() after calling __l2cap_get_chan_blah() to prevent the following trace: Bluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref *kref) Bluetooth: chan 0000000023c4974d Bluetooth: parent 00000000ae861c08 ================================================================== BUG: KASAN: use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:191 [inline] BUG: KASAN: use-after-free in __mutex_lock_common kernel/locking/mutex.c:671 [inline] BUG: KASAN: use-after-free in __mutex_lock+0x278/0x400 kernel/locking/mutex.c:729 Read of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389 CVE-2022-50386 SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_272-default-2-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253684-1/ https://www.suse.com/security/cve/CVE-2022-50386.html CVE-2022-50386 https://bugzilla.suse.com/1250301 SUSE Bug 1250301