Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4530-1 Final 1 1 2025-12-29T10:48:23Z current 2025-12-29T10:48:23Z 2025-12-29T10:48:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - cifs: Check the lease context if we actually got a lease (bsc#1228688). - cifs: return a single-use cfid if we did not get a lease (bsc#1228688). - smb3: fix Open files on server counter going negative (git-fixes). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sle-micro-rancher/5.2:latest-2025-4530,SUSE-2025-4530,SUSE-SLE-Module-Live-Patching-15-SP3-2025-4530,SUSE-SLE-Product-HA-15-SP3-2025-4530,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4530,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4530,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4530,SUSE-SUSE-MicroOS-5.2-2025-4530,SUSE-Storage-7.1-2025-4530 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ Link for SUSE-SU-2025:4530-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023658.html E-Mail link for SUSE-SU-2025:4530-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1228688 SUSE Bug 1228688 https://bugzilla.suse.com/1249806 SUSE Bug 1249806 https://bugzilla.suse.com/1251247 SUSE Bug 1251247 https://bugzilla.suse.com/1251786 SUSE Bug 1251786 https://bugzilla.suse.com/1252560 SUSE Bug 1252560 https://bugzilla.suse.com/1252780 SUSE Bug 1252780 https://bugzilla.suse.com/1253367 SUSE Bug 1253367 https://bugzilla.suse.com/1253431 SUSE Bug 1253431 https://bugzilla.suse.com/1253436 SUSE Bug 1253436 https://www.suse.com/security/cve/CVE-2022-50280/ SUSE CVE CVE-2022-50280 page https://www.suse.com/security/cve/CVE-2023-53659/ SUSE CVE CVE-2023-53659 page https://www.suse.com/security/cve/CVE-2023-53676/ SUSE CVE CVE-2023-53676 page https://www.suse.com/security/cve/CVE-2023-53717/ SUSE CVE CVE-2023-53717 page https://www.suse.com/security/cve/CVE-2025-40040/ SUSE CVE CVE-2025-40040 page https://www.suse.com/security/cve/CVE-2025-40121/ SUSE CVE CVE-2025-40121 page https://www.suse.com/security/cve/CVE-2025-40154/ SUSE CVE CVE-2025-40154 page https://www.suse.com/security/cve/CVE-2025-40204/ SUSE CVE CVE-2025-40204 page Container suse/sle-micro-rancher/5.2:latest SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability Extension 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Live Patching 15 SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-default-5.3.18-150300.59.229.3 cluster-md-kmp-64kb-5.3.18-150300.59.229.3 cluster-md-kmp-default-5.3.18-150300.59.229.3 cluster-md-kmp-preempt-5.3.18-150300.59.229.3 dlm-kmp-64kb-5.3.18-150300.59.229.3 dlm-kmp-default-5.3.18-150300.59.229.3 dlm-kmp-preempt-5.3.18-150300.59.229.3 dtb-al-5.3.18-150300.59.229.1 dtb-allwinner-5.3.18-150300.59.229.1 dtb-altera-5.3.18-150300.59.229.1 dtb-amd-5.3.18-150300.59.229.1 dtb-amlogic-5.3.18-150300.59.229.1 dtb-apm-5.3.18-150300.59.229.1 dtb-arm-5.3.18-150300.59.229.1 dtb-broadcom-5.3.18-150300.59.229.1 dtb-cavium-5.3.18-150300.59.229.1 dtb-exynos-5.3.18-150300.59.229.1 dtb-freescale-5.3.18-150300.59.229.1 dtb-hisilicon-5.3.18-150300.59.229.1 dtb-lg-5.3.18-150300.59.229.1 dtb-marvell-5.3.18-150300.59.229.1 dtb-mediatek-5.3.18-150300.59.229.1 dtb-nvidia-5.3.18-150300.59.229.1 dtb-qcom-5.3.18-150300.59.229.1 dtb-renesas-5.3.18-150300.59.229.1 dtb-rockchip-5.3.18-150300.59.229.1 dtb-socionext-5.3.18-150300.59.229.1 dtb-sprd-5.3.18-150300.59.229.1 dtb-xilinx-5.3.18-150300.59.229.1 dtb-zte-5.3.18-150300.59.229.1 gfs2-kmp-64kb-5.3.18-150300.59.229.3 gfs2-kmp-default-5.3.18-150300.59.229.3 gfs2-kmp-preempt-5.3.18-150300.59.229.3 kernel-64kb-5.3.18-150300.59.229.3 kernel-64kb-devel-5.3.18-150300.59.229.3 kernel-64kb-extra-5.3.18-150300.59.229.3 kernel-64kb-optional-5.3.18-150300.59.229.3 kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 kernel-default-base-rebuild-5.3.18-150300.59.229.3.150300.18.136.3 kernel-default-devel-5.3.18-150300.59.229.3 kernel-default-extra-5.3.18-150300.59.229.3 kernel-default-livepatch-5.3.18-150300.59.229.3 kernel-default-livepatch-devel-5.3.18-150300.59.229.3 kernel-default-optional-5.3.18-150300.59.229.3 kernel-devel-5.3.18-150300.59.229.3 kernel-docs-5.3.18-150300.59.229.2 kernel-docs-html-5.3.18-150300.59.229.2 kernel-kvmsmall-5.3.18-150300.59.229.3 kernel-kvmsmall-devel-5.3.18-150300.59.229.3 kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 kernel-livepatch-5_3_18-150300_59_229-preempt-1-150300.7.3.3 kernel-macros-5.3.18-150300.59.229.3 kernel-obs-build-5.3.18-150300.59.229.3 kernel-obs-qa-5.3.18-150300.59.229.1 kernel-preempt-5.3.18-150300.59.229.3 kernel-preempt-devel-5.3.18-150300.59.229.3 kernel-preempt-extra-5.3.18-150300.59.229.3 kernel-preempt-optional-5.3.18-150300.59.229.3 kernel-source-5.3.18-150300.59.229.3 kernel-source-vanilla-5.3.18-150300.59.229.3 kernel-syms-5.3.18-150300.59.229.1 kernel-zfcpdump-5.3.18-150300.59.229.3 kselftests-kmp-64kb-5.3.18-150300.59.229.3 kselftests-kmp-default-5.3.18-150300.59.229.3 kselftests-kmp-preempt-5.3.18-150300.59.229.3 ocfs2-kmp-64kb-5.3.18-150300.59.229.3 ocfs2-kmp-default-5.3.18-150300.59.229.3 ocfs2-kmp-preempt-5.3.18-150300.59.229.3 reiserfs-kmp-64kb-5.3.18-150300.59.229.3 reiserfs-kmp-default-5.3.18-150300.59.229.3 reiserfs-kmp-preempt-5.3.18-150300.59.229.3 kernel-default-5.3.18-150300.59.229.3 as a component of Container suse/sle-micro-rancher/5.2:latest kernel-64kb-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-64kb-devel-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-default-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 as a component of SUSE Enterprise Storage 7.1 kernel-default-devel-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-devel-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-docs-5.3.18-150300.59.229.2 as a component of SUSE Enterprise Storage 7.1 kernel-macros-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-obs-build-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-preempt-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-preempt-devel-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-source-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 kernel-syms-5.3.18-150300.59.229.1 as a component of SUSE Enterprise Storage 7.1 reiserfs-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Enterprise Storage 7.1 cluster-md-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 dlm-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 gfs2-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 ocfs2-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 kernel-64kb-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-64kb-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-default-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-docs-5.3.18-150300.59.229.2 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-macros-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-obs-build-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-preempt-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-preempt-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-source-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-syms-5.3.18-150300.59.229.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS reiserfs-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS kernel-default-livepatch-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-default-livepatch-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 as a component of SUSE Linux Enterprise Live Patching 15 SP3 kernel-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Micro 5.2 kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 as a component of SUSE Linux Enterprise Micro 5.2 kernel-64kb-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-64kb-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-docs-5.3.18-150300.59.229.2 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-macros-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-obs-build-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-preempt-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-preempt-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-source-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-syms-5.3.18-150300.59.229.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-zfcpdump-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS reiserfs-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS kernel-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-default-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-docs-5.3.18-150300.59.229.2 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-macros-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-obs-build-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-preempt-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-preempt-devel-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-source-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 kernel-syms-5.3.18-150300.59.229.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 reiserfs-kmp-default-5.3.18-150300.59.229.3 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 In the Linux kernel, the following vulnerability has been resolved: pnode: terminate at peers of source The propagate_mnt() function handles mount propagation when creating mounts and propagates the source mount tree @source_mnt to all applicable nodes of the destination propagation mount tree headed by @dest_mnt. Unfortunately it contains a bug where it fails to terminate at peers of @source_mnt when looking up copies of the source mount that become masters for copies of the source mount tree mounted on top of slaves in the destination propagation tree causing a NULL dereference. Once the mechanics of the bug are understood it's easy to trigger. Because of unprivileged user namespaces it is available to unprivileged users. While fixing this bug we've gotten confused multiple times due to unclear terminology or missing concepts. So let's start this with some clarifications: * The terms "master" or "peer" denote a shared mount. A shared mount belongs to a peer group. * A peer group is a set of shared mounts that propagate to each other. They are identified by a peer group id. The peer group id is available in @shared_mnt->mnt_group_id. Shared mounts within the same peer group have the same peer group id. The peers in a peer group can be reached via @shared_mnt->mnt_share. * The terms "slave mount" or "dependent mount" denote a mount that receives propagation from a peer in a peer group. IOW, shared mounts may have slave mounts and slave mounts have shared mounts as their master. Slave mounts of a given peer in a peer group are listed on that peers slave list available at @shared_mnt->mnt_slave_list. * The term "master mount" denotes a mount in a peer group. IOW, it denotes a shared mount or a peer mount in a peer group. The term "master mount" - or "master" for short - is mostly used when talking in the context of slave mounts that receive propagation from a master mount. A master mount of a slave identifies the closest peer group a slave mount receives propagation from. The master mount of a slave can be identified via @slave_mount->mnt_master. Different slaves may point to different masters in the same peer group. * Multiple peers in a peer group can have non-empty ->mnt_slave_lists. Non-empty ->mnt_slave_lists of peers don't intersect. Consequently, to ensure all slave mounts of a peer group are visited the ->mnt_slave_lists of all peers in a peer group have to be walked. * Slave mounts point to a peer in the closest peer group they receive propagation from via @slave_mnt->mnt_master (see above). Together with these peers they form a propagation group (see below). The closest peer group can thus be identified through the peer group id @slave_mnt->mnt_master->mnt_group_id of the peer/master that a slave mount receives propagation from. * A shared-slave mount is a slave mount to a peer group pg1 while also a peer in another peer group pg2. IOW, a peer group may receive propagation from another peer group. If a peer group pg1 is a slave to another peer group pg2 then all peers in peer group pg1 point to the same peer in peer group pg2 via ->mnt_master. IOW, all peers in peer group pg1 appear on the same ->mnt_slave_list. IOW, they cannot be slaves to different peer groups. * A pure slave mount is a slave mount that is a slave to a peer group but is not a peer in another peer group. * A propagation group denotes the set of mounts consisting of a single peer group pg1 and all slave mounts and shared-slave mounts that point to a peer in that peer group via ->mnt_master. IOW, all slave mounts such that @slave_mnt->mnt_master->mnt_group_id is equal to @shared_mnt->mnt_group_id. The concept of a propagation group makes it easier to talk about a single propagation level in a propagation tree. For example, in propagate_mnt() the immediate peers of @dest_mnt and all slaves of @dest_mnt's peer group form a propagation group pr ---truncated--- CVE-2022-50280 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2022-50280.html CVE-2022-50280 https://bugzilla.suse.com/1249806 SUSE Bug 1249806 In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels greater during iavf_remove(), and waiting reset done would be timeout, then returned with error but changed num_active_queues directly, that will lead to OOB like the following logs. Because the num_active_queues is greater than tx/rx_rings[] allocated actually. Reproducer: [root@host ~]# cat repro.sh #!/bin/bash pf_dbsf="0000:41:00.0" vf0_dbsf="0000:41:02.0" g_pids=() function do_set_numvf() { echo 2 >/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs sleep $((RANDOM%3+1)) echo 0 >/sys/bus/pci/devices/${pf_dbsf}/sriov_numvfs sleep $((RANDOM%3+1)) } function do_set_channel() { local nic=$(ls -1 --indicator-style=none /sys/bus/pci/devices/${vf0_dbsf}/net/) [ -z "$nic" ] && { sleep $((RANDOM%3)) ; return 1; } ifconfig $nic 192.168.18.5 netmask 255.255.255.0 ifconfig $nic up ethtool -L $nic combined 1 ethtool -L $nic combined 4 sleep $((RANDOM%3)) } function on_exit() { local pid for pid in "${g_pids[@]}"; do kill -0 "$pid" &>/dev/null && kill "$pid" &>/dev/null done g_pids=() } trap "on_exit; exit" EXIT while :; do do_set_numvf ; done & g_pids+=($!) while :; do do_set_channel ; done & g_pids+=($!) wait Result: [ 3506.152887] iavf 0000:41:02.0: Removing device [ 3510.400799] ================================================================== [ 3510.400820] BUG: KASAN: slab-out-of-bounds in iavf_free_all_tx_resources+0x156/0x160 [iavf] [ 3510.400823] Read of size 8 at addr ffff88b6f9311008 by task repro.sh/55536 [ 3510.400823] [ 3510.400830] CPU: 101 PID: 55536 Comm: repro.sh Kdump: loaded Tainted: G O --------- -t - 4.18.0 #1 [ 3510.400832] Hardware name: Powerleader PR2008AL/H12DSi-N6, BIOS 2.0 04/09/2021 [ 3510.400835] Call Trace: [ 3510.400851] dump_stack+0x71/0xab [ 3510.400860] print_address_description+0x6b/0x290 [ 3510.400865] ? iavf_free_all_tx_resources+0x156/0x160 [iavf] [ 3510.400868] kasan_report+0x14a/0x2b0 [ 3510.400873] iavf_free_all_tx_resources+0x156/0x160 [iavf] [ 3510.400880] iavf_remove+0x2b6/0xc70 [iavf] [ 3510.400884] ? iavf_free_all_rx_resources+0x160/0x160 [iavf] [ 3510.400891] ? wait_woken+0x1d0/0x1d0 [ 3510.400895] ? notifier_call_chain+0xc1/0x130 [ 3510.400903] pci_device_remove+0xa8/0x1f0 [ 3510.400910] device_release_driver_internal+0x1c6/0x460 [ 3510.400916] pci_stop_bus_device+0x101/0x150 [ 3510.400919] pci_stop_and_remove_bus_device+0xe/0x20 [ 3510.400924] pci_iov_remove_virtfn+0x187/0x420 [ 3510.400927] ? pci_iov_add_virtfn+0xe10/0xe10 [ 3510.400929] ? pci_get_subsys+0x90/0x90 [ 3510.400932] sriov_disable+0xed/0x3e0 [ 3510.400936] ? bus_find_device+0x12d/0x1a0 [ 3510.400953] i40e_free_vfs+0x754/0x1210 [i40e] [ 3510.400966] ? i40e_reset_all_vfs+0x880/0x880 [i40e] [ 3510.400968] ? pci_get_device+0x7c/0x90 [ 3510.400970] ? pci_get_subsys+0x90/0x90 [ 3510.400982] ? pci_vfs_assigned.part.7+0x144/0x210 [ 3510.400987] ? __mutex_lock_slowpath+0x10/0x10 [ 3510.400996] i40e_pci_sriov_configure+0x1fa/0x2e0 [i40e] [ 3510.401001] sriov_numvfs_store+0x214/0x290 [ 3510.401005] ? sriov_totalvfs_show+0x30/0x30 [ 3510.401007] ? __mutex_lock_slowpath+0x10/0x10 [ 3510.401011] ? __check_object_size+0x15a/0x350 [ 3510.401018] kernfs_fop_write+0x280/0x3f0 [ 3510.401022] vfs_write+0x145/0x440 [ 3510.401025] ksys_write+0xab/0x160 [ 3510.401028] ? __ia32_sys_read+0xb0/0xb0 [ 3510.401031] ? fput_many+0x1a/0x120 [ 3510.401032] ? filp_close+0xf0/0x130 [ 3510.401038] do_syscall_64+0xa0/0x370 [ 3510.401041] ? page_fault+0x8/0x30 [ 3510.401043] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 3510.401073] RIP: 0033:0x7f3a9bb842c0 [ 3510.401079] Code: 73 01 c3 48 8b 0d d8 cb 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 24 2d 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d ---truncated--- CVE-2023-53659 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2023-53659.html CVE-2023-53659 https://bugzilla.suse.com/1251247 SUSE Bug 1251247 https://bugzilla.suse.com/1251248 SUSE Bug 1251248 In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries. CVE-2023-53676 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2023-53676.html CVE-2023-53676 https://bugzilla.suse.com/1251786 SUSE Bug 1251786 https://bugzilla.suse.com/1251787 SUSE Bug 1251787 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred. Found by a modified version of syzkaller. BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx Write of size 4 Call Trace: memcpy ath9k_wmi_ctrl_rx ath9k_htc_rx_msg ath9k_hif_usb_reg_in_cb __usb_hcd_giveback_urb usb_hcd_giveback_urb dummy_timer call_timer_fn run_timer_softirq __do_softirq irq_exit_rcu sysvec_apic_timer_interrupt CVE-2023-53717 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2023-53717.html CVE-2023-53717 https://bugzilla.suse.com/1252560 SUSE Bug 1252560 https://bugzilla.suse.com/1252563 SUSE Bug 1252563 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise syzkaller discovered the following crash: (kernel BUG) [ 44.607039] ------------[ cut here ]------------ [ 44.607422] kernel BUG at mm/userfaultfd.c:2067! [ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none) [ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 [ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460 <snip other registers, drop unreliable trace> [ 44.617726] Call Trace: [ 44.617926] <TASK> [ 44.619284] userfaultfd_release+0xef/0x1b0 [ 44.620976] __fput+0x3f9/0xb60 [ 44.621240] fput_close_sync+0x110/0x210 [ 44.622222] __x64_sys_close+0x8f/0x120 [ 44.622530] do_syscall_64+0x5b/0x2f0 [ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 44.623244] RIP: 0033:0x7f365bb3f227 Kernel panics because it detects UFFD inconsistency during userfaultfd_release_all(). Specifically, a VMA which has a valid pointer to vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags. The inconsistency is caused in ksm_madvise(): when user calls madvise() with MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode, it accidentally clears all flags stored in the upper 32 bits of vma->vm_flags. Assuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and int are 32-bit wide. This setup causes the following mishap during the &= ~VM_MERGEABLE assignment. VM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. After ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then promoted to unsigned long before the & operation. This promotion fills upper 32 bits with leading 0s, as we're doing unsigned conversion (and even for a signed conversion, this wouldn't help as the leading bit is 0). & operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff instead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears the upper 32-bits of its value. Fix it by changing `VM_MERGEABLE` constant to unsigned long, using the BIT() macro. Note: other VM_* flags are not affected: This only happens to the VM_MERGEABLE flag, as the other VM_* flags are all constants of type int and after ~ operation, they end up with leading 1 and are thus converted to unsigned long with leading 1s. Note 2: After commit 31defc3b01d9 ("userfaultfd: remove (VM_)BUG_ON()s"), this is no longer a kernel BUG, but a WARNING at the same place: [ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067 but the root-cause (flag-drop) remains the same. [akpm@linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel] CVE-2025-40040 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2025-40040.html CVE-2025-40040 https://bugzilla.suse.com/1252780 SUSE Bug 1252780 In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unepxected results like OOB access. This patch adds the sanity check and corrects the input mapping to the certain default value if an invalid value is passed. CVE-2025-40121 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2025-40121.html CVE-2025-40121 https://bugzilla.suse.com/1253367 SUSE Bug 1253367 https://bugzilla.suse.com/1253430 SUSE Bug 1253430 In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxected results like OOB access. This patch corrects the input mapping to the certain default value if an invalid value is passed. CVE-2025-40154 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2025-40154.html CVE-2025-40154 https://bugzilla.suse.com/1253431 SUSE Bug 1253431 https://bugzilla.suse.com/1253432 SUSE Bug 1253432 In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. CVE-2025-40204 Container suse/sle-micro-rancher/5.2:latest:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Enterprise Storage 7.1:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-docs-5.3.18-150300.59.229.2 SUSE Enterprise Storage 7.1:kernel-macros-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-source-5.3.18-150300.59.229.3 SUSE Enterprise Storage 7.1:kernel-syms-5.3.18-150300.59.229.1 SUSE Enterprise Storage 7.1:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:cluster-md-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:dlm-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:gfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Availability Extension 15 SP3:ocfs2-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-default-livepatch-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_229-default-1-150300.7.3.3 SUSE Linux Enterprise Micro 5.2:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Micro 5.2:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-64kb-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server 15 SP3-LTSS:kernel-zfcpdump-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server 15 SP3-LTSS:reiserfs-kmp-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-base-5.3.18-150300.59.229.3.150300.18.136.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-default-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-docs-5.3.18-150300.59.229.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-macros-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-obs-build-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-preempt-devel-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-source-5.3.18-150300.59.229.3 SUSE Linux Enterprise Server for SAP Applications 15 SP3:kernel-syms-5.3.18-150300.59.229.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:reiserfs-kmp-default-5.3.18-150300.59.229.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254530-1/ https://www.suse.com/security/cve/CVE-2025-40204.html CVE-2025-40204 https://bugzilla.suse.com/1253436 SUSE Bug 1253436 https://bugzilla.suse.com/1253437 SUSE Bug 1253437