Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-53125 (GCVE-0-2024-53125)
Vulnerability from cvelistv5 – Published: 2024-12-04 14:11 – Updated: 2026-05-11 20:51
VLAI
EPSS
Title
bpf: sync_linked_regs() must preserve subreg_def
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: sync_linked_regs() must preserve subreg_def
Range propagation must not affect subreg_def marks, otherwise the
following example is rewritten by verifier incorrectly when
BPF_F_TEST_RND_HI32 flag is set:
0: call bpf_ktime_get_ns call bpf_ktime_get_ns
1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff
2: w1 = w0 rewrites w1 = w0
3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r)
4: r1 >>= 32 r11 <<= 32 (r)
5: r0 = r1 r1 |= r11 (r)
6: exit; if w0 < 0xa goto pc+0
r1 >>= 32
r0 = r1
exit
(or zero extension of w1 at (2) is missing for architectures that
require zero extension for upper register half).
The following happens w/o this patch:
- r0 is marked as not a subreg at (0);
- w1 is marked as subreg at (2);
- w1 subreg_def is overridden at (3) by copy_register_state();
- w1 is read at (5) but mark_insn_zext() does not mark (2)
for zero extension, because w1 subreg_def is not set;
- because of BPF_F_TEST_RND_HI32 flag verifier inserts random
value for hi32 bits of (2) (marked (r));
- this random value is read at (5).
Severity
5.5 (Medium)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
75748837b7e56919679e02163f45d5818c644d03 , < dadf82c1b2608727bcc306843b540cd7414055a7
(git)
Affected: 75748837b7e56919679e02163f45d5818c644d03 , < b57ac2d92c1f565743f6890a5b9cf317ed856b09 (git) Affected: 75748837b7e56919679e02163f45d5818c644d03 , < 60fd3538d2a8fd44c41d25088c0ece3e1fd30659 (git) Affected: 75748837b7e56919679e02163f45d5818c644d03 , < bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84 (git) Affected: 75748837b7e56919679e02163f45d5818c644d03 , < e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0 (git) Affected: 75748837b7e56919679e02163f45d5818c644d03 , < e9bd9c498cb0f5843996dbe5cbce7a1836a83c70 (git) |
|
| Linux | Linux |
Affected:
5.10
Unaffected: 0 , < 5.10 (semver) Unaffected: 5.10.232 , ≤ 5.10.* (semver) Unaffected: 5.15.175 , ≤ 5.15.* (semver) Unaffected: 6.1.121 , ≤ 6.1.* (semver) Unaffected: 6.6.67 , ≤ 6.6.* (semver) Unaffected: 6.11.6 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:46:07.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dadf82c1b2608727bcc306843b540cd7414055a7",
"status": "affected",
"version": "75748837b7e56919679e02163f45d5818c644d03",
"versionType": "git"
},
{
"lessThan": "b57ac2d92c1f565743f6890a5b9cf317ed856b09",
"status": "affected",
"version": "75748837b7e56919679e02163f45d5818c644d03",
"versionType": "git"
},
{
"lessThan": "60fd3538d2a8fd44c41d25088c0ece3e1fd30659",
"status": "affected",
"version": "75748837b7e56919679e02163f45d5818c644d03",
"versionType": "git"
},
{
"lessThan": "bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84",
"status": "affected",
"version": "75748837b7e56919679e02163f45d5818c644d03",
"versionType": "git"
},
{
"lessThan": "e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0",
"status": "affected",
"version": "75748837b7e56919679e02163f45d5818c644d03",
"versionType": "git"
},
{
"lessThan": "e9bd9c498cb0f5843996dbe5cbce7a1836a83c70",
"status": "affected",
"version": "75748837b7e56919679e02163f45d5818c644d03",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.175",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.121",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.232",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.175",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.121",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.67",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.6",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "5.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5)."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:51:19.837Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dadf82c1b2608727bcc306843b540cd7414055a7"
},
{
"url": "https://git.kernel.org/stable/c/b57ac2d92c1f565743f6890a5b9cf317ed856b09"
},
{
"url": "https://git.kernel.org/stable/c/60fd3538d2a8fd44c41d25088c0ece3e1fd30659"
},
{
"url": "https://git.kernel.org/stable/c/bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84"
},
{
"url": "https://git.kernel.org/stable/c/e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0"
},
{
"url": "https://git.kernel.org/stable/c/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70"
}
],
"title": "bpf: sync_linked_regs() must preserve subreg_def",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53125",
"datePublished": "2024-12-04T14:11:09.326Z",
"dateReserved": "2024-11-19T17:17:24.995Z",
"dateUpdated": "2026-05-11T20:51:19.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-53125",
"date": "2026-06-03",
"epss": "0.00014",
"percentile": "0.02656"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-53125\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-04T14:15:20.460\",\"lastModified\":\"2025-11-03T21:17:28.030\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf: sync_linked_regs() must preserve subreg_def\\n\\nRange propagation must not affect subreg_def marks, otherwise the\\nfollowing example is rewritten by verifier incorrectly when\\nBPF_F_TEST_RND_HI32 flag is set:\\n\\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\\n 2: w1 = w0 rewrites w1 = w0\\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\\n 5: r0 = r1 r1 |= r11 (r)\\n 6: exit; if w0 \u003c 0xa goto pc+0\\n r1 \u003e\u003e= 32\\n r0 = r1\\n exit\\n\\n(or zero extension of w1 at (2) is missing for architectures that\\n require zero extension for upper register half).\\n\\nThe following happens w/o this patch:\\n- r0 is marked as not a subreg at (0);\\n- w1 is marked as subreg at (2);\\n- w1 subreg_def is overridden at (3) by copy_register_state();\\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\\n for zero extension, because w1 subreg_def is not set;\\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\\n value for hi32 bits of (2) (marked (r));\\n- this random value is read at (5).\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: sync_linked_regs() debe preservar subreg_def La propagaci\u00f3n del rango no debe afectar a las marcas subreg_def, de lo contrario el siguiente ejemplo es reescrito incorrectamente por el verificador cuando el indicador BPF_F_TEST_RND_HI32 est\u00e1 establecido: 0: llamar a bpf_ktime_get_ns llamar a bpf_ktime_get_ns 1: r0 \u0026amp;= 0x7fffffff despu\u00e9s del verificador r0 \u0026amp;= 0x7fffffff 2: w1 = w0 reescribe w1 = w0 3: si w0 \u0026lt; 10 goto +0 --------------\u0026gt; r11 = 0x2f5674a6 (r) 4: r1 \u0026gt;\u0026gt;= 32 r11 \u0026lt;\u0026lt;= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: salir; si w0 \u0026lt; 0xa goto pc+0 r1 \u0026gt;\u0026gt;= 32 r0 = r1 salir (o falta la extensi\u00f3n cero de w1 en (2) para arquitecturas que requieren extensi\u00f3n cero para la mitad superior del registro). Lo siguiente ocurre sin este parche: - r0 est\u00e1 marcado como no un subreg en (0); - w1 est\u00e1 marcado como subreg en (2); - el subreg_def de w1 es anulado en (3) por copy_register_state(); - w1 se lee en (5) pero mark_insn_zext() no marca (2) para extensi\u00f3n cero, porque el subreg_def de w1 no est\u00e1 configurado; - debido al indicador BPF_F_TEST_RND_HI32, el verificador inserta un valor aleatorio para los bits hi32 de (2) (marcado (r)); - este valor aleatorio se lee en (5).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10\",\"versionEndExcluding\":\"5.10.232\",\"matchCriteriaId\":\"B50D4783-5CDB-499A-93A7-623C72578301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.175\",\"matchCriteriaId\":\"7A1F3620-6900-4852-9229-C3527377EBDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.121\",\"matchCriteriaId\":\"D8DA16A0-9C6E-493E-90EE-309A34901477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.67\",\"matchCriteriaId\":\"BF4F2CD1-2CA6-4D6B-9B0C-57C3C4D6544A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.6\",\"matchCriteriaId\":\"E4486B12-007B-4794-9857-F07145637AA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F361E1D-580F-4A2D-A509-7615F73167A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"925478D0-3E3D-4E6F-ACD5-09F28D5DF82C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C95E234-D335-4B6C-96BF-E2CEBD8654ED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/60fd3538d2a8fd44c41d25088c0ece3e1fd30659\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b57ac2d92c1f565743f6890a5b9cf317ed856b09\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bfe9446ea1d95f6cb7848da19dfd58d2eec6fd84\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dadf82c1b2608727bcc306843b540cd7414055a7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e2ef0f317a52e678fe8fa84b94d6a15b466d6ff0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e9bd9c498cb0f5843996dbe5cbce7a1836a83c70\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2025:20610-1
Vulnerability from csaf_suse - Published: 2025-08-25 12:16 - Updated: 2025-08-25 12:16Summary
Security update for kernel-livepatch-MICRO-6-0_Update_2
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_2
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues:
- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797)
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)
Patchnames: SUSE-SLE-Micro-6.1-kernel-73
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_2 fixes the following issues:\n\n- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797)\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-73",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20610-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20610-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520610-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20610-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041451.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_2",
"tracking": {
"current_release_date": "2025-08-25T12:16:43Z",
"generator": {
"date": "2025-08-25T12:16:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20610-1",
"initial_release_date": "2025-08-25T12:16:43Z",
"revision_history": [
{
"date": "2025-08-25T12:16:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-19-default-9-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-19-default-9-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-19-default-9-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-19-default-9-1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-19-default-9-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-19-default-9-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-19-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:20611-1
Vulnerability from csaf_suse - Published: 2025-08-25 12:16 - Updated: 2025-08-25 12:16Summary
Security update for kernel-livepatch-MICRO-6-0_Update_4
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_4
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues:
- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797)
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)
Patchnames: SUSE-SLE-Micro-6.1-kernel-75
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues:\n\n- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797)\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-75",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20611-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20611-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520611-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20611-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041450.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_4",
"tracking": {
"current_release_date": "2025-08-25T12:16:43Z",
"generator": {
"date": "2025-08-25T12:16:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20611-1",
"initial_release_date": "2025-08-25T12:16:43Z",
"revision_history": [
{
"date": "2025-08-25T12:16:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-24-default-7-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-24-default-7-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-24-default-7-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-24-default-7-1.2.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-24-default-7-1.2.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-24-default-7-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:16:43Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:20620-1
Vulnerability from csaf_suse - Published: 2025-08-25 12:45 - Updated: 2025-08-25 12:45Summary
Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0-RT_Update_4
Description of the patch: This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues:
- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797)
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)
Patchnames: SUSE-SLE-Micro-6.1-kernel-68
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0-RT_Update_4 fixes the following issues:\n\n- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797)\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-68",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20620-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20620-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520620-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20620-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041441.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_4",
"tracking": {
"current_release_date": "2025-08-25T12:45:12Z",
"generator": {
"date": "2025-08-25T12:45:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20620-1",
"initial_release_date": "2025-08-25T12:45:12Z",
"revision_history": [
{
"date": "2025-08-25T12:45:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-22-rt-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:20625-1
Vulnerability from csaf_suse - Published: 2025-08-25 12:45 - Updated: 2025-08-25 12:45Summary
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
Description of the patch: This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues:
- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797)
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)
Patchnames: SUSE-SLE-Micro-6.1-kernel-81
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues:\n\n- CVE-2024-56664: bpf, sockmap: fix race between element replace and close() (bsc#1235250)\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776)\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793)\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797)\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-81",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20625-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20625-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520625-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20625-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041436.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_2",
"tracking": {
"current_release_date": "2025-08-25T12:45:12Z",
"generator": {
"date": "2025-08-25T12:45:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20625-1",
"initial_release_date": "2025-08-25T12:45:12Z",
"revision_history": [
{
"date": "2025-08-25T12:45:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-10-rt-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-25T12:45:12Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
WID-SEC-W-2024-3608
Vulnerability from csaf_certbund - Published: 2024-12-04 23:00 - Updated: 2026-01-19 23:00Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell
|
cpe:/a:dell:networker:virtual
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle / Linux
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
References
189 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3608 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3608.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3608 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3608"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53125",
"url": "https://lore.kernel.org/linux-cve-announce/2024120413-CVE-2024-53125-69ff@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53126",
"url": "https://lore.kernel.org/linux-cve-announce/2024120448-CVE-2024-53126-0282@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53127",
"url": "https://lore.kernel.org/linux-cve-announce/2024120449-CVE-2024-53127-518c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53128",
"url": "https://lore.kernel.org/linux-cve-announce/2024120449-CVE-2024-53128-f08c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53129",
"url": "https://lore.kernel.org/linux-cve-announce/2024120449-CVE-2024-53129-9f04@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53130",
"url": "https://lore.kernel.org/linux-cve-announce/2024120450-CVE-2024-53130-5621@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53131",
"url": "https://lore.kernel.org/linux-cve-announce/2024120450-CVE-2024-53131-60ad@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53132",
"url": "https://lore.kernel.org/linux-cve-announce/2024120450-CVE-2024-53132-2d51@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53133",
"url": "https://lore.kernel.org/linux-cve-announce/2024120451-CVE-2024-53133-b0b7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53134",
"url": "https://lore.kernel.org/linux-cve-announce/2024120451-CVE-2024-53134-cb0a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53135",
"url": "https://lore.kernel.org/linux-cve-announce/2024120451-CVE-2024-53135-8dcc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53136",
"url": "https://lore.kernel.org/linux-cve-announce/2024120452-CVE-2024-53136-f7f8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53137",
"url": "https://lore.kernel.org/linux-cve-announce/2024120452-CVE-2024-53137-b908@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53138",
"url": "https://lore.kernel.org/linux-cve-announce/2024120452-CVE-2024-53138-1849@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53139",
"url": "https://lore.kernel.org/linux-cve-announce/2024120453-CVE-2024-53139-4311@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2024-53140",
"url": "https://lore.kernel.org/linux-cve-announce/2024120453-CVE-2024-53140-6ecf@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4318-1 vom 2024-12-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019999.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4316-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/S4I5Z6ALCJLHTP25U3HMJHEXN4DR2USM/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:4314-1 vom 2024-12-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SARXL66CQHD5VSFG5PUBNBVBPVFUN4KT/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4008 vom 2025-01-03",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0117-1 vom 2025-01-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020131.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0153-1 vom 2025-01-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0154-1 vom 2025-01-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020151.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0201-1 vom 2025-01-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YFCZRPOJ45QWVUSJAEK53OBSFTOQ3W5H/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0236-1 vom 2025-01-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020196.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0289-1 vom 2025-01-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020239.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5860 vom 2025-02-08",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00023.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20095 vom 2025-02-11",
"url": "https://linux.oracle.com/errata/ELSA-2025-20095.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20100 vom 2025-02-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-20100.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0556-1 vom 2025-02-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020352.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0577-1 vom 2025-02-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-February/020370.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7277-1 vom 2025-02-19",
"url": "https://ubuntu.com/security/notices/USN-7277-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7276-1 vom 2025-02-19",
"url": "https://ubuntu.com/security/notices/USN-7276-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7310-1 vom 2025-02-28",
"url": "https://ubuntu.com/security/notices/USN-7310-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4075 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4076 vom 2025-03-01",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0835-1 vom 2025-03-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LBO7AHILADM6B4UZWMWGQKE6YTZU2AGF/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0833-1 vom 2025-03-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NVOTJPDFQQWPNLUFPKTQVNNMK5RQPZGP/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0201-2 vom 2025-03-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020501.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0833-2 vom 2025-03-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020502.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0577-2 vom 2025-03-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020500.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0853-1 vom 2025-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020506.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:0945-1 vom 2025-03-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020560.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20190 vom 2025-03-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-20190.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0110-1 vom 2025-03-26",
"url": "https://ubuntu.com/security/notices/LSN-0110-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7388-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7388-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-1 vom 2025-03-27",
"url": "https://ubuntu.com/security/notices/USN-7387-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7392-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-3 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7387-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7393-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7393-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7389-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7389-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7387-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7387-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7392-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7391-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7391-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7390-1 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7390-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7402-1 vom 2025-04-02",
"url": "https://ubuntu.com/security/notices/USN-7402-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-3 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7392-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7392-4 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7392-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7401-1 vom 2025-04-01",
"url": "https://ubuntu.com/security/notices/USN-7401-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7402-2 vom 2025-04-02",
"url": "https://ubuntu.com/security/notices/USN-7402-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7403-1 vom 2025-04-02",
"url": "https://ubuntu.com/security/notices/USN-7403-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7407-1 vom 2025-04-02",
"url": "https://ubuntu.com/security/notices/USN-7407-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7413-1 vom 2025-04-03",
"url": "https://ubuntu.com/security/notices/USN-7413-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7402-3 vom 2025-04-04",
"url": "https://ubuntu.com/security/notices/USN-7402-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7402-4 vom 2025-04-07",
"url": "https://ubuntu.com/security/notices/USN-7402-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7421-1 vom 2025-04-07",
"url": "https://ubuntu.com/security/notices/USN-7421-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1177-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020670.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1178-1 vom 2025-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020674.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1180-1 vom 2025-04-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/DGJ23MSZWYIA7MJ47RNVV6T27Z324VKA/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20271 vom 2025-04-14",
"url": "https://linux.oracle.com/errata/ELSA-2025-20271.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:1293-1 vom 2025-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-April/020712.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7402-5 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7402-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7453-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7453-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7450-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7450-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7449-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7449-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7452-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7452-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7451-1 vom 2025-04-23",
"url": "https://ubuntu.com/security/notices/USN-7451-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7458-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7458-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7449-2 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7449-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7459-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7463-1 vom 2025-04-24",
"url": "https://ubuntu.com/security/notices/USN-7463-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7459-2 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7459-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7468-1 vom 2025-04-28",
"url": "https://ubuntu.com/security/notices/USN-7468-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-1 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-2 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-4 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-3 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7496-5 vom 2025-05-07",
"url": "https://ubuntu.com/security/notices/USN-7496-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-1 vom 2025-05-12",
"url": "https://ubuntu.com/security/notices/USN-7506-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-3 vom 2025-05-12",
"url": "https://ubuntu.com/security/notices/USN-7506-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-2 vom 2025-05-12",
"url": "https://ubuntu.com/security/notices/USN-7506-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7506-4 vom 2025-05-13",
"url": "https://ubuntu.com/security/notices/USN-7506-4"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:6966 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:6966"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7514-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7514-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7515-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7515-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-1 vom 2025-05-16",
"url": "https://ubuntu.com/security/notices/USN-7513-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7522-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7522-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-3 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7513-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7523-1 vom 2025-05-20",
"url": "https://ubuntu.com/security/notices/USN-7523-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01614-1 vom 2025-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020870.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7524-1 vom 2025-05-26",
"url": "https://ubuntu.com/security/notices/USN-7524-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01707-1 vom 2025-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020902.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7539-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7539-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7540-1 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7540-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-4 vom 2025-05-28",
"url": "https://ubuntu.com/security/notices/USN-7513-4"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-072 vom 2025-05-29",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-072.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7513-5 vom 2025-05-29",
"url": "https://ubuntu.com/security/notices/USN-7513-5"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20283-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20246-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021078.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20260-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021058.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20249-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021072.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20270-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20247-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021076.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20248-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021074.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20206-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021137.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20192-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021150.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20164-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021175.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20190-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20165-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021174.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20166-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021176.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20163-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021187.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2025-073 vom 2025-06-10",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2025-073.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01919-1 vom 2025-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021477.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01951-1 vom 2025-06-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021509.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01965-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021535.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01967-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:01964-1 vom 2025-06-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20413-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021547.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20408-1 vom 2025-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02000-1 vom 2025-06-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021568.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20421-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021590.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20419-1 vom 2025-06-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021591.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20406 vom 2025-07-08",
"url": "https://linux.oracle.com/errata/ELSA-2025-20406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02264-1 vom 2025-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021785.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02322-1 vom 2025-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021810.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02321-1 vom 2025-07-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021811.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20470 vom 2025-07-16",
"url": "https://linux.oracle.com/errata/ELSA-2025-20470.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-1 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7654-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-2 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7654-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-3 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7654-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7655-1 vom 2025-07-18",
"url": "https://ubuntu.com/security/notices/USN-7655-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-4 vom 2025-07-22",
"url": "https://ubuntu.com/security/notices/USN-7654-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02537-1 vom 2025-07-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021978.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7654-5 vom 2025-07-29",
"url": "https://ubuntu.com/security/notices/USN-7654-5"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02601-1 vom 2025-08-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022048.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02611-1 vom 2025-08-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CAY42JX32A3BASFZGJE6DQP2CXN2LUAW/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02632-1 vom 2025-08-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A6QW6TXS545RIQWDHD4QUITTGGA4K6MY/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02636-1 vom 2025-08-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CZW4BWHO76REHV7LNO6WHLF4JRL7WMEJ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02647-1 vom 2025-08-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LHOHSHBEJMHDNQVQMNHA7MC22TR34HJY/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02652-1 vom 2025-08-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CPV72PULRBVAYNVLOGDPAXEYAOLJPHYQ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02638-1 vom 2025-08-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GT3EVLQ3E46O7RVXSFVUBEM6JEJUWQI4/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02688-1 vom 2025-08-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5NCR2KWOE2L5E5ZMBPLRQ3ZRAPKHOJX5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02691-1 vom 2025-08-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HQYM2FGJQXM5CJJ3L6LDY723WGAYBFPL/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02698-1 vom 2025-08-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TM2FOPKL26WFLLS5YFPKON7STKP3HL4I/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02708-1 vom 2025-08-05",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OIV3PQR5UOAFXL7SARDQRG7OSG5GJOE7/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7686-1 vom 2025-08-05",
"url": "https://ubuntu.com/security/notices/USN-7686-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7712-1 vom 2025-08-22",
"url": "https://ubuntu.com/security/notices/USN-7712-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7711-1 vom 2025-08-22",
"url": "https://ubuntu.com/security/notices/USN-7711-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20568-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022313.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20578-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022303.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20576-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022305.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20575-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022306.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20584-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022297.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20579-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022302.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7727-1 vom 2025-08-29",
"url": "https://ubuntu.com/security/notices/USN-7727-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7727-2 vom 2025-08-29",
"url": "https://ubuntu.com/security/notices/USN-7727-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20620-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022352.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20611-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022359.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20610-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022360.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20625-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022347.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7712-2 vom 2025-09-02",
"url": "https://ubuntu.com/security/notices/USN-7712-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7727-3 vom 2025-09-02",
"url": "https://ubuntu.com/security/notices/USN-7727-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7755-2 vom 2025-09-17",
"url": "https://ubuntu.com/security/notices/USN-7755-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7755-1 vom 2025-09-17",
"url": "https://ubuntu.com/security/notices/USN-7755-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03301-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022605.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7755-3 vom 2025-09-24",
"url": "https://ubuntu.com/security/notices/USN-7755-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03602-1 vom 2025-10-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022908.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03634-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022925.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/000385230"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20518 vom 2025-11-11",
"url": "https://access.redhat.com/errata/RHSA-2025:20518"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:2264-1 vom 2025-11-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023257.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7875-1 vom 2025-11-19",
"url": "https://ubuntu.com/security/notices/USN-7875-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:20518 vom 2025-11-21",
"url": "https://errata.build.resf.org/RLSA-2025:20518"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20518 vom 2025-11-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-20518-0.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0149-1 vom 2026-01-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023793.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-01-19T23:00:00.000+00:00",
"generator": {
"date": "2026-01-20T08:35:12.524+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3608",
"initial_release_date": "2024-12-04T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-12-04T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-12-15T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-01-15T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-19T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-26T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-09T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-02-10T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-02-12T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-02-16T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-18T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-02-19T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-02T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-13T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-19T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-03-20T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-03-26T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-27T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-01T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-06T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-07T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-08T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-14T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-23T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-24T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-28T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-06T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-12T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-18T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-20T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-21T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-05-26T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2025-05-27T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-09T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-06-11T22:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-15T22:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-16T22:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-17T22:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-19T22:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-08T22:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-07-10T22:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-15T22:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-17T22:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-21T22:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-07-29T22:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "59",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2025-08-03T22:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-04T22:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-05T22:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-08-24T22:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-01-19T23:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "77"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "Appliance \u003c5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
"product_id": "T048301"
}
},
{
"category": "product_version",
"name": "Appliance 5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
"product_id": "T048301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T046484",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T042774",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "product_name",
"name": "Linux"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-53126",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53126"
},
{
"cve": "CVE-2024-53127",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53127"
},
{
"cve": "CVE-2024-53128",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53128"
},
{
"cve": "CVE-2024-53129",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53129"
},
{
"cve": "CVE-2024-53130",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53130"
},
{
"cve": "CVE-2024-53131",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53131"
},
{
"cve": "CVE-2024-53132",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53132"
},
{
"cve": "CVE-2024-53133",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53133"
},
{
"cve": "CVE-2024-53134",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53134"
},
{
"cve": "CVE-2024-53135",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53135"
},
{
"cve": "CVE-2024-53136",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53136"
},
{
"cve": "CVE-2024-53137",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53137"
},
{
"cve": "CVE-2024-53138",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53138"
},
{
"cve": "CVE-2024-53139",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53139"
},
{
"cve": "CVE-2024-53140",
"product_status": {
"known_affected": [
"T042774",
"2951",
"T002207",
"67646",
"T000126",
"T034583",
"T046484",
"398363",
"T004914",
"T032255",
"T039664",
"T048301"
]
},
"release_date": "2024-12-04T23:00:00.000+00:00",
"title": "CVE-2024-53140"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…