Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-38471 (GCVE-0-2025-38471)
Vulnerability from cvelistv5 – Published: 2025-07-28 11:21 – Updated: 2026-05-23 15:59
VLAI
EPSS
Title
tls: always refresh the queue when reading sock
Summary
In the Linux kernel, the following vulnerability has been resolved:
tls: always refresh the queue when reading sock
After recent changes in net-next TCP compacts skbs much more
aggressively. This unearthed a bug in TLS where we may try
to operate on an old skb when checking if all skbs in the
queue have matching decrypt state and geometry.
BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]
(net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)
Read of size 4 at addr ffff888013085750 by task tls/13529
CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme
Call Trace:
kasan_report+0xca/0x100
tls_strp_check_rcv+0x898/0x9a0 [tls]
tls_rx_rec_wait+0x2c9/0x8d0 [tls]
tls_sw_recvmsg+0x40f/0x1aa0 [tls]
inet_recvmsg+0x1c3/0x1f0
Always reload the queue, fast path is to have the record in the queue
when we wake, anyway (IOW the path going down "if !strp->stm.full_len").
Severity
7.8 (High)
Assigner
References
7 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0d87bbd39d7fd1135ab9eca672d760470f6508e8 , < 730fed2ff5e259495712518e18d9f521f61972bb
(git)
Affected: 0d87bbd39d7fd1135ab9eca672d760470f6508e8 , < 1f3a429c21e0e43e8b8c55d30701e91411a4df02 (git) Affected: 0d87bbd39d7fd1135ab9eca672d760470f6508e8 , < cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8 (git) Affected: 0d87bbd39d7fd1135ab9eca672d760470f6508e8 , < c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6 (git) Affected: 0d87bbd39d7fd1135ab9eca672d760470f6508e8 , < 4ab26bce3969f8fd925fe6f6f551e4d1a508c68b (git) Affected: 2277d7cbdf47531b2c3cd01ba15255fa955aab35 (git) Affected: 6.0.6 , < 6.1 (semver) |
|
| Linux | Linux |
Affected:
6.1
Unaffected: 0 , < 6.1 (semver) Unaffected: 6.1.147 , ≤ 6.1.* (semver) Unaffected: 6.6.100 , ≤ 6.6.* (semver) Unaffected: 6.12.40 , ≤ 6.12.* (semver) Unaffected: 6.15.8 , ≤ 6.15.* (semver) Unaffected: 6.16 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:38:36.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:05:06.840Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tls/tls_strp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "730fed2ff5e259495712518e18d9f521f61972bb",
"status": "affected",
"version": "0d87bbd39d7fd1135ab9eca672d760470f6508e8",
"versionType": "git"
},
{
"lessThan": "1f3a429c21e0e43e8b8c55d30701e91411a4df02",
"status": "affected",
"version": "0d87bbd39d7fd1135ab9eca672d760470f6508e8",
"versionType": "git"
},
{
"lessThan": "cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8",
"status": "affected",
"version": "0d87bbd39d7fd1135ab9eca672d760470f6508e8",
"versionType": "git"
},
{
"lessThan": "c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6",
"status": "affected",
"version": "0d87bbd39d7fd1135ab9eca672d760470f6508e8",
"versionType": "git"
},
{
"lessThan": "4ab26bce3969f8fd925fe6f6f551e4d1a508c68b",
"status": "affected",
"version": "0d87bbd39d7fd1135ab9eca672d760470f6508e8",
"versionType": "git"
},
{
"status": "affected",
"version": "2277d7cbdf47531b2c3cd01ba15255fa955aab35",
"versionType": "git"
},
{
"lessThan": "6.1",
"status": "affected",
"version": "6.0.6",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tls/tls_strp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.147",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.147",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.100",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.40",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.8",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\")."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:59:47.890Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/730fed2ff5e259495712518e18d9f521f61972bb"
},
{
"url": "https://git.kernel.org/stable/c/1f3a429c21e0e43e8b8c55d30701e91411a4df02"
},
{
"url": "https://git.kernel.org/stable/c/cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8"
},
{
"url": "https://git.kernel.org/stable/c/c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6"
},
{
"url": "https://git.kernel.org/stable/c/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b"
}
],
"title": "tls: always refresh the queue when reading sock",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38471",
"datePublished": "2025-07-28T11:21:32.927Z",
"dateReserved": "2025-04-16T04:51:24.021Z",
"dateUpdated": "2026-05-23T15:59:47.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-38471",
"date": "2026-06-30",
"epss": "0.00152",
"percentile": "0.04735"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38471\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-28T12:15:28.890\",\"lastModified\":\"2026-06-17T09:16:55.667\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ntls: always refresh the queue when reading sock\\n\\nAfter recent changes in net-next TCP compacts skbs much more\\naggressively. This unearthed a bug in TLS where we may try\\nto operate on an old skb when checking if all skbs in the\\nqueue have matching decrypt state and geometry.\\n\\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\\n Read of size 4 at addr ffff888013085750 by task tls/13529\\n\\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\\n Call Trace:\\n kasan_report+0xca/0x100\\n tls_strp_check_rcv+0x898/0x9a0 [tls]\\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\\n inet_recvmsg+0x1c3/0x1f0\\n\\nAlways reload the queue, fast path is to have the record in the queue\\nwhen we wake, anyway (IOW the path going down \\\"if !strp-\u003estm.full_len\\\").\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: TLS: siempre actualiza la cola al leer un archivo SOCK. Tras cambios recientes en Net-Next, TCP compacta los archivos SKB de forma mucho m\u00e1s agresiva. Esto revel\u00f3 un error en TLS que permite intentar operar en un archivo SKB antiguo al comprobar si todos los archivos SKB de la cola tienen el mismo estado de descifrado y geometr\u00eda. BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls] (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544) Read of size 4 at addr ffff888013085750 by task tls/13529 CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme Call Trace: kasan_report+0xca/0x100 tls_strp_check_rcv+0x898/0x9a0 [tls] tls_rx_rec_wait+0x2c9/0x8d0 [tls] tls_sw_recvmsg+0x40f/0x1aa0 [tls] inet_recvmsg+0x1c3/0x1f0 Siempre recargue la cola, la ruta r\u00e1pida es tener el registro en la cola cuando nos despertamos, de todos modos (es decir, la ruta que baja \\\"if !strp-\u0026gt;stm.full_len\\\").\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"net/tls/tls_strp.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"0d87bbd39d7fd1135ab9eca672d760470f6508e8\",\"lessThan\":\"730fed2ff5e259495712518e18d9f521f61972bb\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"0d87bbd39d7fd1135ab9eca672d760470f6508e8\",\"lessThan\":\"1f3a429c21e0e43e8b8c55d30701e91411a4df02\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"0d87bbd39d7fd1135ab9eca672d760470f6508e8\",\"lessThan\":\"cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"0d87bbd39d7fd1135ab9eca672d760470f6508e8\",\"lessThan\":\"c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"0d87bbd39d7fd1135ab9eca672d760470f6508e8\",\"lessThan\":\"4ab26bce3969f8fd925fe6f6f551e4d1a508c68b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"2277d7cbdf47531b2c3cd01ba15255fa955aab35\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"6.0.6\",\"lessThan\":\"6.1\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"net/tls/tls_strp.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"6.1\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"6.1\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.147\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.100\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.40\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.15.8\",\"lessThanOrEqual\":\"6.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.16\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.6\",\"versionEndExcluding\":\"6.1\",\"matchCriteriaId\":\"903F3980-AD2D-4547-A575-B67605976F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.1\",\"versionEndExcluding\":\"6.1.147\",\"matchCriteriaId\":\"AFDDDB2E-5D9C-43DF-B287-CF21C987C33E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.100\",\"matchCriteriaId\":\"094B81E0-B756-4727-85CA-F3F8D1C9D116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.40\",\"matchCriteriaId\":\"0099D5A4-B157-4D36-8858-982C7D579030\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.15.8\",\"matchCriteriaId\":\"C7AFE5B0-F3B1-4D30-B8BF-EDA0385C4746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE093B34-F4CD-4052-8122-730D6537A91A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F0B248-42CF-4AE6-A469-BB1BAE7F4705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2422816-0C14-4B5E-A1E6-A9D776E5C49B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6E00FE-5FB9-4D20-A1A1-5A32128F9B76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"35B26BE4-43A6-4A36-A7F6-5B3F572D9186\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FFFB0B3-930D-408A-91E2-BAE0C2715D80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"8535320E-A0DB-4277-800E-D0CE5BBA59E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"21718AA4-4056-40F2-968E-BDAA465A7872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4894DB-CCFE-4602-B1BF-3960B2E19A01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"09709862-E348-4378-8632-5A7813EDDC86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"415BF58A-8197-43F5-B3D7-D1D63057A26E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0517869-312D-4429-80C2-561086E1421C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"85421F4E-C863-4ABF-B4B4-E887CC2F7F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3827F0D4-5FEE-4181-B267-5A45E7CA11FC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1f3a429c21e0e43e8b8c55d30701e91411a4df02\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/730fed2ff5e259495712518e18d9f521f61972bb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c76f6f437c46b2390888e0e1dc7aafafa9f4e0c6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cdb767915fc9a15d88d19d52a1455f1dc3e5ddc8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}"
}
}
SUSE-SU-2025:3748-1
Vulnerability from csaf_suse - Published: 2025-10-23 09:08 - Updated: 2025-10-23 09:08Summary
Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).
- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3748,SUSE-2025-3749,SUSE-2025-3756,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3748
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_30 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).\n- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3748,SUSE-2025-3749,SUSE-2025-3756,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3748",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3748-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3748-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253748-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3748-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042273.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245794",
"url": "https://bugzilla.suse.com/1245794"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249458",
"url": "https://bugzilla.suse.com/1249458"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-10-23T09:08:16Z",
"generator": {
"date": "2025-10-23T09:08:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3748-1",
"initial_release_date": "2025-10-23T09:08:16Z",
"revision_history": [
{
"date": "2025-10-23T09:08:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_38-default-9-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-14-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_30-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T09:08:16Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3755-1
Vulnerability from csaf_suse - Published: 2025-10-23 11:05 - Updated: 2025-10-23 11:05Summary
Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_50 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3755,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3755
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
46 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_50 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3755,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3755",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3755-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3755-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253755-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3755-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042271.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249458",
"url": "https://bugzilla.suse.com/1249458"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-10-23T11:05:11Z",
"generator": {
"date": "2025-10-23T11:05:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3755-1",
"initial_release_date": "2025-10-23T11:05:11Z",
"revision_history": [
{
"date": "2025-10-23T11:05:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_50-default-7-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T11:05:11Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3762-1
Vulnerability from csaf_suse - Published: 2025-10-23 18:04 - Updated: 2025-10-23 18:04Summary
Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3762,SUSE-2025-3763,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3762
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
46 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_47 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3762,SUSE-2025-3763,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3762",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3762-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3762-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253762-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3762-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042287.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249458",
"url": "https://bugzilla.suse.com/1249458"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-10-23T18:04:24Z",
"generator": {
"date": "2025-10-23T18:04:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3762-1",
"initial_release_date": "2025-10-23T18:04:24Z",
"revision_history": [
{
"date": "2025-10-23T18:04:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_53-default-7-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_47-default-8-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:04:24Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3764-1
Vulnerability from csaf_suse - Published: 2025-10-23 18:33 - Updated: 2025-10-23 18:33Summary
Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_60 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3764,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3764
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_60 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3764,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3764",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3764-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3764-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253764-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3764-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042286.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-10-23T18:33:44Z",
"generator": {
"date": "2025-10-23T18:33:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3764-1",
"initial_release_date": "2025-10-23T18:33:44Z",
"revision_history": [
{
"date": "2025-10-23T18:33:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_60-default-6-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:44Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3765-1
Vulnerability from csaf_suse - Published: 2025-10-23 18:33 - Updated: 2025-10-23 18:33Summary
Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)
Description of the patch: This update for the Linux Kernel 6.4.0-150700_51 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).
- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3765,SUSE-SLE-Module-Live-Patching-15-SP7-2025-3765
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150700_51 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).\n- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3765,SUSE-SLE-Module-Live-Patching-15-SP7-2025-3765",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3765-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3765-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253765-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3765-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042285.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245794",
"url": "https://bugzilla.suse.com/1245794"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249458",
"url": "https://bugzilla.suse.com/1249458"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP7)",
"tracking": {
"current_release_date": "2025-10-23T18:33:53Z",
"generator": {
"date": "2025-10-23T18:33:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3765-1",
"initial_release_date": "2025-10-23T18:33:53Z",
"revision_history": [
{
"date": "2025-10-23T18:33:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_51-default-6-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-23T18:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3768-1
Vulnerability from csaf_suse - Published: 2025-10-24 05:37 - Updated: 2025-10-24 05:37Summary
Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).
- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3768,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3768
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
51 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_42 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1245794).\n- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3768,SUSE-SLE-Module-Live-Patching-15-SP6-2025-3768",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3768-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3768-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253768-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3768-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042290.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245794",
"url": "https://bugzilla.suse.com/1245794"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249458",
"url": "https://bugzilla.suse.com/1249458"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21971 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-10-24T05:37:07Z",
"generator": {
"date": "2025-10-24T05:37:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3768-1",
"initial_release_date": "2025-10-24T05:37:07Z",
"revision_history": [
{
"date": "2025-10-24T05:37:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-21971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21971"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: Prevent creation of classes with TC_H_ROOT\n\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\n\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21971",
"url": "https://www.suse.com/security/cve/CVE-2025-21971"
},
{
"category": "external",
"summary": "SUSE Bug 1240799 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1240799"
},
{
"category": "external",
"summary": "SUSE Bug 1245794 for CVE-2025-21971",
"url": "https://bugzilla.suse.com/1245794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-21971"
},
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_42-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T05:37:07Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3771-1
Vulnerability from csaf_suse - Published: 2025-10-24 06:06 - Updated: 2025-10-24 06:06Summary
Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)
Description of the patch: This update for the Linux Kernel 6.4.0-150700_53_3 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3771,SUSE-SLE-Module-Live-Patching-15-SP7-2025-3771
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
46 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150700_53_3 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-38110: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (bsc#1249458).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3771,SUSE-SLE-Module-Live-Patching-15-SP7-2025-3771",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3771-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3771-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253771-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3771-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042289.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249458",
"url": "https://bugzilla.suse.com/1249458"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38110 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP7)",
"tracking": {
"current_release_date": "2025-10-24T06:06:36Z",
"generator": {
"date": "2025-10-24T06:06:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3771-1",
"initial_release_date": "2025-10-24T06:06:36Z",
"revision_history": [
{
"date": "2025-10-24T06:06:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mdiobus: Fix potential out-of-bounds clause 45 read/write access\n\nWhen using publicly available tools like \u0027mdio-tools\u0027 to read/write data\nfrom/to network interface and its PHY via C45 (clause 45) mdiobus,\nthere is no verification of parameters passed to the ioctl and\nit accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\n\nFix that by adding address verification before C45 read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38110",
"url": "https://www.suse.com/security/cve/CVE-2025-38110"
},
{
"category": "external",
"summary": "SUSE Bug 1245665 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1245665"
},
{
"category": "external",
"summary": "SUSE Bug 1249458 for CVE-2025-38110",
"url": "https://bugzilla.suse.com/1249458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38110"
},
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_3-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:36Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:3772-1
Vulnerability from csaf_suse - Published: 2025-10-24 06:06 - Updated: 2025-10-24 06:06Summary
Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)
Description of the patch: This update for the Linux Kernel 6.4.0-150700_53_6 fixes several issues.
The following security issues were fixed:
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).
- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).
- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).
Patchnames: SUSE-2025-3772,SUSE-SLE-Module-Live-Patching-15-SP7-2025-3772
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150700_53_6 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534).\n- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673).\n- CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247158).\n- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376).\n- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248749).\n- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246075).\n- CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247452).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3772,SUSE-SLE-Module-Live-Patching-15-SP7-2025-3772",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3772-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3772-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253772-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3772-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042288.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246075",
"url": "https://bugzilla.suse.com/1246075"
},
{
"category": "self",
"summary": "SUSE Bug 1247158",
"url": "https://bugzilla.suse.com/1247158"
},
{
"category": "self",
"summary": "SUSE Bug 1247452",
"url": "https://bugzilla.suse.com/1247452"
},
{
"category": "self",
"summary": "SUSE Bug 1248376",
"url": "https://bugzilla.suse.com/1248376"
},
{
"category": "self",
"summary": "SUSE Bug 1248673",
"url": "https://bugzilla.suse.com/1248673"
},
{
"category": "self",
"summary": "SUSE Bug 1248749",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38206 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38396 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38471 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38499 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38566/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38644 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP7)",
"tracking": {
"current_release_date": "2025-10-24T06:06:43Z",
"generator": {
"date": "2025-10-24T06:06:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3772-1",
"initial_release_date": "2025-10-24T06:06:43Z",
"revision_history": [
{
"date": "2025-10-24T06:06:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix double free in delayed_free\n\nThe double free could happen in the following path.\n\nexfat_create_upcase_table()\n exfat_create_upcase_table() : return error\n exfat_free_upcase_table() : free -\u003evol_utbl\n exfat_load_default_upcase_table : return error\n exfat_kill_sb()\n delayed_free()\n exfat_free_upcase_table() \u003c--------- double free\nThis patch set -\u003evol_util as NULL after freeing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38206",
"url": "https://www.suse.com/security/cve/CVE-2025-38206"
},
{
"category": "external",
"summary": "SUSE Bug 1246073 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246073"
},
{
"category": "external",
"summary": "SUSE Bug 1246075 for CVE-2025-38206",
"url": "https://bugzilla.suse.com/1246075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38206"
},
{
"cve": "CVE-2025-38396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38396"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass\n\nExport anon_inode_make_secure_inode() to allow KVM guest_memfd to create\nanonymous inodes with proper security context. This replaces the current\npattern of calling alloc_anon_inode() followed by\ninode_init_security_anon() for creating security context manually.\n\nThis change also fixes a security regression in secretmem where the\nS_PRIVATE flag was not cleared after alloc_anon_inode(), causing\nLSM/SELinux checks to be bypassed for secretmem file descriptors.\n\nAs guest_memfd currently resides in the KVM module, we need to export this\nsymbol for use outside the core kernel. In the future, guest_memfd might be\nmoved to core-mm, at which point the symbols no longer would have to be\nexported. When/if that happens is still unclear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38396",
"url": "https://www.suse.com/security/cve/CVE-2025-38396"
},
{
"category": "external",
"summary": "SUSE Bug 1247156 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247156"
},
{
"category": "external",
"summary": "SUSE Bug 1247158 for CVE-2025-38396",
"url": "https://bugzilla.suse.com/1247158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38396"
},
{
"cve": "CVE-2025-38471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38471"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: always refresh the queue when reading sock\n\nAfter recent changes in net-next TCP compacts skbs much more\naggressively. This unearthed a bug in TLS where we may try\nto operate on an old skb when checking if all skbs in the\nqueue have matching decrypt state and geometry.\n\n BUG: KASAN: slab-use-after-free in tls_strp_check_rcv+0x898/0x9a0 [tls]\n (net/tls/tls_strp.c:436 net/tls/tls_strp.c:530 net/tls/tls_strp.c:544)\n Read of size 4 at addr ffff888013085750 by task tls/13529\n\n CPU: 2 UID: 0 PID: 13529 Comm: tls Not tainted 6.16.0-rc5-virtme\n Call Trace:\n kasan_report+0xca/0x100\n tls_strp_check_rcv+0x898/0x9a0 [tls]\n tls_rx_rec_wait+0x2c9/0x8d0 [tls]\n tls_sw_recvmsg+0x40f/0x1aa0 [tls]\n inet_recvmsg+0x1c3/0x1f0\n\nAlways reload the queue, fast path is to have the record in the queue\nwhen we wake, anyway (IOW the path going down \"if !strp-\u003estm.full_len\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38471",
"url": "https://www.suse.com/security/cve/CVE-2025-38471"
},
{
"category": "external",
"summary": "SUSE Bug 1247450 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247450"
},
{
"category": "external",
"summary": "SUSE Bug 1247452 for CVE-2025-38471",
"url": "https://bugzilla.suse.com/1247452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won\u0027t expose something\nhidden by a mount we wouldn\u0027t be able to undo. \"Wouldn\u0027t be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere\u0027s a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38499",
"url": "https://www.suse.com/security/cve/CVE-2025-38499"
},
{
"category": "external",
"summary": "SUSE Bug 1247976 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1247976"
},
{
"category": "external",
"summary": "SUSE Bug 1248673 for CVE-2025-38499",
"url": "https://bugzilla.suse.com/1248673"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38499"
},
{
"cve": "CVE-2025-38566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38566"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: fix handling of server side tls alerts\n\nScott Mayhew discovered a security exploit in NFS over TLS in\ntls_alert_recv() due to its assumption it can read data from\nthe msg iterator\u0027s kvec..\n\nkTLS implementation splits TLS non-data record payload between\nthe control message buffer (which includes the type such as TLS\naler or TLS cipher change) and the rest of the payload (say TLS\nalert\u0027s level/description) which goes into the msg payload buffer.\n\nThis patch proposes to rework how control messages are setup and\nused by sock_recvmsg().\n\nIf no control message structure is setup, kTLS layer will read and\nprocess TLS data record types. As soon as it encounters a TLS control\nmessage, it would return an error. At that point, NFS can setup a\nkvec backed msg buffer and read in the control message such as a\nTLS alert. Msg iterator can advance the kvec pointer as a part of\nthe copy process thus we need to revert the iterator before calling\ninto the tls_alert_recv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38566",
"url": "https://www.suse.com/security/cve/CVE-2025-38566"
},
{
"category": "external",
"summary": "SUSE Bug 1248374 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248374"
},
{
"category": "external",
"summary": "SUSE Bug 1248376 for CVE-2025-38566",
"url": "https://bugzilla.suse.com/1248376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38566"
},
{
"cve": "CVE-2025-38644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38644"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38644",
"url": "https://www.suse.com/security/cve/CVE-2025-38644"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248748 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248748"
},
{
"category": "external",
"summary": "SUSE Bug 1248749 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1248749"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38644",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38644"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_53_6-default-6-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T06:06:43Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
WID-SEC-W-2025-1665
Vulnerability from csaf_certbund - Published: 2025-07-28 22:00 - Updated: 2026-05-19 22:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder andere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
Affected products
Known affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <8.4.0.0
Dell / PowerProtect Data Domain
|
<8.4.0.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vsphere
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Open Source Linux Kernel
Open Source
|
cpe:/o:linux:linux_kernel:-
|
— | |
|
Dell PowerProtect Data Domain <7.13.1.40
Dell / PowerProtect Data Domain
|
<7.13.1.40 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— | |
|
IBM Security Verify Access <10.0.9.1
IBM / Security Verify Access
|
<10.0.9.1 | ||
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition | |
|
Dell PowerProtect Data Domain <7.10.1.70
Dell / PowerProtect Data Domain
|
<7.10.1.70 | ||
|
Dell PowerProtect Data Domain <8.3.1.10
Dell / PowerProtect Data Domain
|
<8.3.1.10 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
References
562 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder andere nicht spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1665 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1665.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1665 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1665"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38468",
"url": "https://lore.kernel.org/linux-cve-announce/2025072834-CVE-2025-38468-4110@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38469",
"url": "https://lore.kernel.org/linux-cve-announce/2025072811-CVE-2025-38469-4e11@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38470",
"url": "https://lore.kernel.org/linux-cve-announce/2025072811-CVE-2025-38470-a4d4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38471",
"url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38471-ca92@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38472",
"url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38472-fa6d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38473",
"url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38473-e8bb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38474",
"url": "https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38474-0663@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38475",
"url": "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38475-deb5@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38476",
"url": "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38476-ab35@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38477",
"url": "https://lore.kernel.org/linux-cve-announce/2025072813-CVE-2025-38477-8b42@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38478",
"url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38478-298f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38480",
"url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38480-d8ab@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38481",
"url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38481-1476@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38482",
"url": "https://lore.kernel.org/linux-cve-announce/2025072814-CVE-2025-38482-f4ed@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38483",
"url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38483-ab88@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38484",
"url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38484-4faf@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38485",
"url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38485-3cec@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38486",
"url": "https://lore.kernel.org/linux-cve-announce/2025072815-CVE-2025-38486-e3f6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38487",
"url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38487-1ffa@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38488",
"url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38488-7f36@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38489",
"url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38489-0fd7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38490",
"url": "https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38490-7528@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38491",
"url": "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38491-859c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38492",
"url": "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38492-d59e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38493",
"url": "https://lore.kernel.org/linux-cve-announce/2025072817-CVE-2025-38493-32f7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38494",
"url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38494-63e4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38495",
"url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38495-3b28@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38496",
"url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38496-4301@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-38497",
"url": "https://lore.kernel.org/linux-cve-announce/2025072818-CVE-2025-38497-b5c7@gregkh/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7686-1 vom 2025-08-05",
"url": "https://ubuntu.com/security/notices/USN-7686-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5973 vom 2025-08-12",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00137.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7909-5 vom 2025-12-15",
"url": "https://ubuntu.com/security/notices/USN-7909-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7934-1 vom 2025-12-15",
"url": "https://ubuntu.com/security/notices/USN-7934-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7933-1 vom 2025-12-15",
"url": "https://ubuntu.com/security/notices/USN-7933-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5975 vom 2025-08-13",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00139.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:13962 vom 2025-08-18",
"url": "https://access.redhat.com/errata/RHSA-2025:13962"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02823-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022188.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02830-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022186.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02834-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022183.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02827-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022187.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02833-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022184.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02832-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022185.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02820-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022190.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02821-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022189.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02852-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022201.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02846-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022192.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02849-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022204.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14009 vom 2025-08-18",
"url": "https://access.redhat.com/errata/RHSA-2025:14009"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14005 vom 2025-08-18",
"url": "https://access.redhat.com/errata/RHSA-2025:14005"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02850-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022203.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02851-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022202.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02848-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022193.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02853-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022200.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02854-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022199.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14003 vom 2025-08-18",
"url": "https://access.redhat.com/errata/RHSA-2025:14003"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02857-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022198.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02858-1 vom 2025-08-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022197.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02859-1 vom 2025-08-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LD4YB6F7MNGQGQU73AT5B2DURSYKBLRI/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02878-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022207.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02860-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022212.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02884-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022205.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02875-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022211.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02871-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022210.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02876-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022208.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02873-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022209.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02883-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022206.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14082 vom 2025-08-19",
"url": "https://access.redhat.com/errata/RHSA-2025:14082"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02897-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022217.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02909-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022224.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02911-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022223.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02922-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022235.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02917-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022222.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02918-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022221.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02894-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022219.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02908-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022218.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02902-1 vom 2025-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022216.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02923-1 vom 2025-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022237.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-13962 vom 2025-08-20",
"url": "https://linux.oracle.com/errata/ELSA-2025-13962.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02930-1 vom 2025-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022240.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02926-1 vom 2025-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022238.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02932-1 vom 2025-08-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022241.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02933-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022243.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02934-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022242.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02942-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022247.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02936-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022250.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02944-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022245.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02945-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022244.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02937-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022249.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02955-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022252.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02938-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022248.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02943-1 vom 2025-08-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022246.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-14009 vom 2025-08-22",
"url": "https://linux.oracle.com/errata/ELSA-2025-14009.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02969-1 vom 2025-08-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022259.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14497 vom 2025-08-25",
"url": "https://access.redhat.com/errata/RHSA-2025:14497"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2025-046 vom 2025-08-25",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-046"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14599 vom 2025-08-26",
"url": "https://access.redhat.com/errata/RHSA-2025:14599"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:14811 vom 2025-08-28",
"url": "https://access.redhat.com/errata/RHSA-2025:14811"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02997-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022283.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:02996-1 vom 2025-08-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022291.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20586-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022295.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20577-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022304.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03011-1 vom 2025-08-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022327.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20602-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022362.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20601-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022363.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03023-1 vom 2025-08-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-August/022329.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15008 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15005 vom 2025-09-02",
"url": "https://access.redhat.com/errata/RHSA-2025:15005"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7712-2 vom 2025-09-02",
"url": "https://ubuntu.com/security/notices/USN-7712-2"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15008 vom 2025-09-04",
"url": "https://linux.oracle.com/errata/ELSA-2025-15008.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-15005 vom 2025-09-05",
"url": "http://linux.oracle.com/errata/ELSA-2025-15005.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20551 vom 2025-09-09",
"url": "https://linux.oracle.com/errata/ELSA-2025-20551.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20638-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022436.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20653-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022432.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20639-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022439.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20648-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022431.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20669-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022482.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20678-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022475.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20677-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022474.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20676-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022473.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20679-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022472.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20680-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022471.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20681-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022470.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20684-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022469.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20682-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022468.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20685-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022467.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20687-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022465.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20688-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022464.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20690-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022463.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20686-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022466.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20689-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022462.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20635-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022447.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20636-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022446.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20641-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022445.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20637-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022444.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20633-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022443.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20640-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022442.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20642-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022441.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20644-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022440.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20647-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022433.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20645-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022434.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20643-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022435.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20646-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022437.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20634-1 vom 2025-09-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022438.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03204-1 vom 2025-09-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022522.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2025-104 vom 2025-09-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2025-104.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2025-109 vom 2025-09-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2025-109.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-3001 vom 2025-09-16",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-3001.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20713-1 vom 2025-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022559.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03272-1 vom 2025-09-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022589.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03290-1 vom 2025-09-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022602.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6009 vom 2025-09-23",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00173.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20609 vom 2025-09-23",
"url": "https://linux.oracle.com/errata/ELSA-2025-20609.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03310-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022610.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03301-1 vom 2025-09-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022605.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20632 vom 2025-09-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-20632.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03344-1 vom 2025-09-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GKXOSPRZJUZDU6VCQLCJK56ZS5CAS3IE/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03382-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022721.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03384-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022723.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20756-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022703.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20781-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022662.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:16880 vom 2025-09-29",
"url": "https://access.redhat.com/errata/RHSA-2025:16880"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20739-1 vom 2025-09-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022711.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-16880 vom 2025-09-30",
"url": "https://linux.oracle.com/errata/ELSA-2025-16880.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17009 vom 2025-09-30",
"url": "https://access.redhat.com/errata/RHSA-2025:17009"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20645 vom 2025-09-30",
"url": "http://linux.oracle.com/errata/ELSA-2025-20645.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17124 vom 2025-10-01",
"url": "https://access.redhat.com/errata/RHSA-2025:17124"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17123 vom 2025-10-01",
"url": "https://access.redhat.com/errata/RHSA-2025:17123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17109 vom 2025-09-30",
"url": "https://access.redhat.com/errata/RHSA-2025:17109"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17122 vom 2025-10-01",
"url": "https://access.redhat.com/errata/RHSA-2025:17122"
},
{
"category": "external",
"summary": "Dell Security Update vom 2025-10-02",
"url": "https://www.dell.com/support/kbdoc/000376224"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-1 vom 2025-10-01",
"url": "https://ubuntu.com/security/notices/USN-7791-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7792-1 vom 2025-10-01",
"url": "https://ubuntu.com/security/notices/USN-7792-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-1 vom 2025-10-01",
"url": "https://ubuntu.com/security/notices/USN-7793-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17161 vom 2025-10-01",
"url": "https://access.redhat.com/errata/RHSA-2025:17161"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7791-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7796-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7796-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17241 vom 2025-10-02",
"url": "https://access.redhat.com/errata/RHSA-2025:17241"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7793-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7796-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7795-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-3 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7793-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7792-2 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7792-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7801-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7801-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7796-3 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7796-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7799-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7799-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-4 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7793-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7800-1 vom 2025-10-02",
"url": "https://ubuntu.com/security/notices/USN-7800-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-3 vom 2025-10-06",
"url": "https://ubuntu.com/security/notices/USN-7791-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7801-2 vom 2025-10-06",
"url": "https://ubuntu.com/security/notices/USN-7801-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03480-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022785.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03472-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022780.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03476-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022777.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03475-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022778.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03473-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022779.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03470-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022781.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03469-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022782.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03468-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022783.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03479-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022784.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03465-1 vom 2025-10-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022774.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7792-3 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7792-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7808-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7808-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7793-5 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7793-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7809-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7809-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03485-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022786.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03483-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022787.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03482-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022788.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7810-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7810-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7811-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7811-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-3 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/USN-7795-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03495-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022793.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03494-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022794.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03497-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022792.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0115-1 vom 2025-10-08",
"url": "https://ubuntu.com/security/notices/LSN-0115-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03498-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022791.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03496-1 vom 2025-10-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022795.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03504-1 vom 2025-10-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SECAEAK6WEIFWFKCJTBA2HF5JSEVDUS4/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03503-1 vom 2025-10-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JUWAQTIC7XPSFOY6GTF6ZLAS2JNMHEKU/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:16880 vom 2025-10-10",
"url": "https://errata.build.resf.org/RLSA-2025:16880"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03514-1 vom 2025-10-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XAWB2PO5O6CBDV27R7BVVXL54MXG5ST5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03515-1 vom 2025-10-09",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WZMAWGSTVLDAWJ5BFWVU5QNELQPOARF5/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03529-1 vom 2025-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022817.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03539-1 vom 2025-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022824.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03528-1 vom 2025-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022818.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03538-1 vom 2025-10-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022825.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03557-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022848.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03543-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MC656OYGPRT7D2WOKGTVHYQVKRPDOF2M/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03553-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DVXXSG7PIJG7HTJMMXDXUMVAAMRTWXFG/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03551-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q32AAYIZHLE3LIPP3Z4RDEWKSNSLNSPT/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03548-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SOZC4LP2VEWOVXCP5X7JSFTFZEWXQE6H/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03554-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TH3AMQOQLP3DYM2S52DBRVQOATOXEZ4A/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03561-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EDKZECBROYLID7RUOUM6MR5E56GQ5YXO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03572-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H42ZUMCQNM6SECA64UGAIN5EO4ZQWQEC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03541-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XKOOHT7ZFB34FTK3MBV76ZBHNFB6V36H/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03550-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XDVJVXSYE6RDJE6PIFLUMFB5AKNRMVBB/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03562-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZI3AKM7E7S47J3CNR6BEEUR3FG2MK7N2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03583-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AB4IURMPH2RSCVO4LUVSAHXMK4VQMQOA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03559-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPHXJO5EMVRKXZC5ZXKEJXDYNB4RJTVU/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03578-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JE73VH4T37L5F3VWVHXRSVC6UFH7VY2G/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03555-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QIU2ENCHZ6TGXFRZ6RCIDKC37OKELKRV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03563-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EC4PXMLKKMVMYAUI5S3O2XUOAVVXC2CO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03580-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S6S2ABU6DFOD2DPFHPKIDP3QVGRAYOKO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03577-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022835.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03576-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022836.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03575-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022837.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03571-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022839.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03569-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022840.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03568-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022841.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03567-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022842.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03566-1 vom 2025-10-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022843.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03552-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ASE45FGX2RMM2GBDZF272V6E2AUS53WZ/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4327 vom 2025-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4328 vom 2025-10-13",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20663 vom 2025-10-13",
"url": "https://linux.oracle.com/errata/ELSA-2025-20663.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7796-4 vom 2025-10-13",
"url": "https://ubuntu.com/security/notices/USN-7796-4"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7819-1 vom 2025-10-13",
"url": "https://ubuntu.com/security/notices/USN-7819-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7820-1 vom 2025-10-13",
"url": "https://ubuntu.com/security/notices/USN-7820-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20806-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022878.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20807-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022877.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20808-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022876.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20809-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022875.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20810-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022874.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20812-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022872.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20811-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022873.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20813-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022871.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20814-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022870.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20815-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022869.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20816-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022868.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20817-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022867.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20818-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022866.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20819-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022865.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20820-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022864.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20830-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022895.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7808-2 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7808-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7821-1 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7821-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7810-3 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7810-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7810-2 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7810-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7791-4 vom 2025-10-14",
"url": "https://ubuntu.com/security/notices/USN-7791-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20832-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022893.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20831-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022894.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20829-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022896.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20826-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022899.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20841-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022884.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20828-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022897.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20827-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022898.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20842-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022883.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20840-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022885.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20839-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022886.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20838-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022887.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20837-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022888.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20833-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022892.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20834-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022891.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20836-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022889.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20835-1 vom 2025-10-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022890.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20716 vom 2025-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2025-20716.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03615-1 vom 2025-10-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BVPLWRQN6MVKFQDJSEKN2JP6PMSGIO4Q/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03601-1 vom 2025-10-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022903.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7801-3 vom 2025-10-15",
"url": "https://ubuntu.com/security/notices/USN-7801-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03602-1 vom 2025-10-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022908.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03600-1 vom 2025-10-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VHWHH7ZSMFJ6PQZ3CBDGGCWHNBCWD26Z/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03613-1 vom 2025-10-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022915.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03614-1 vom 2025-10-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022911.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03626-1 vom 2025-10-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z3DYHRRLY43MYRNEEU5SFR4ZRMSPITED/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03633-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022926.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03628-1 vom 2025-10-17",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O6BEPQBC4GULLYP5G3VVU4ZS37B7I6EV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03634-1 vom 2025-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022925.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03646-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022939.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03650-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022941.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03638-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022942.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03636-1 vom 2025-10-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022943.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-17161 vom 2025-10-21",
"url": "https://linux.oracle.com/errata/ELSA-2025-17161.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7819-2 vom 2025-10-22",
"url": "https://ubuntu.com/security/notices/USN-7819-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3716-1 vom 2025-10-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022962.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3742-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V7WMM33D7UTTQM25T2XCVZHFJKIMM3TO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3742-1 vom 2025-10-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022975.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3764-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SP6KY7ONJTFGDWCHVV7CO7D4KUEJ27DA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3765-1 vom 2025-10-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022991.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3751-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NMB6RXALFYMRMM4UK7R54RAQRCZJEBH4/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3761-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MLTPAKCOQABZPEY7O35CI42PHK5WNIUQ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3762-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L5PU3QBFUI54V4YM7FX4AIWKDVDLIFMV/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3755-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZFR7CE7W5U4CT7EDERPCHLWSGEIHWJLA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3748-1 vom 2025-10-23",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYXC2NBEEGHSFXWCA3DVT5LVZMZ5RRNP/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3771-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022995.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3768-1 vom 2025-10-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JX5Y5NWCULMT7SH5C6ZUDMMTVZPLLOJC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:3772-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/022994.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-4 vom 2025-10-24",
"url": "https://ubuntu.com/security/notices/USN-7795-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20861-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20851-1 vom 2025-10-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023025.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20876-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023054.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249276 vom 2025-10-27",
"url": "https://www.ibm.com/support/pages/node/7249276"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20875-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023055.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20886-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023044.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20874-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023056.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20883-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023047.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20884-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023046.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20887-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023043.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20870-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023060.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20882-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023048.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20881-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20891-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023039.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20885-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023045.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20879-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023051.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20888-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023042.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20873-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023057.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20878-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023052.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20877-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023053.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20890-1 vom 2025-10-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023040.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20920-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023095.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20912-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023103.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20906-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023109.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-404 vom 2025-10-31",
"url": "https://www.dell.com/support/kbdoc/000385435"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20913-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023102.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20904-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023111.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20914-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023101.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7854-1 vom 2025-10-30",
"url": "https://ubuntu.com/security/notices/USN-7854-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20907-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023108.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20905-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023110.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20903-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023112.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20918-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023097.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20915-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023100.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20916-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023099.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20917-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023098.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20909-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023106.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20902-1 vom 2025-10-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023113.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/000385230"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7795-5 vom 2025-11-07",
"url": "https://ubuntu.com/security/notices/USN-7795-5"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20095 vom 2025-11-11",
"url": "https://access.redhat.com/errata/RHSA-2025:20095"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-25757 vom 2025-11-12",
"url": "https://linux.oracle.com/errata/ELSA-2025-25757.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20994-1 vom 2025-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023276.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20996-1 vom 2025-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023275.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21667 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21667"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4123-1 vom 2025-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023296.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4135-1 vom 2025-11-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023300.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7875-1 vom 2025-11-19",
"url": "https://ubuntu.com/security/notices/USN-7875-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4149-1 vom 2025-11-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023309.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7879-1 vom 2025-11-21",
"url": "https://ubuntu.com/security/notices/USN-7879-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4188-1 vom 2025-11-24",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LVPUJWNDCBFGM2O2EFX4S5QBPKDARVQ7/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7879-3 vom 2025-11-26",
"url": "https://ubuntu.com/security/notices/USN-7879-3"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025-20081-1 vom 2025-11-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J4KLZE7HUQJ2N6IQEI3G2KJZ5VB36YBI/"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:20095 vom 2025-11-27",
"url": "https://errata.build.resf.org/RLSA-2025:20095"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21074-1 vom 2025-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023431.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7909-1 vom 2025-12-04",
"url": "https://ubuntu.com/security/notices/USN-7909-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7909-2 vom 2025-12-04",
"url": "https://ubuntu.com/security/notices/USN-7909-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7909-3 vom 2025-12-04",
"url": "https://ubuntu.com/security/notices/USN-7909-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7910-1 vom 2025-12-04",
"url": "https://ubuntu.com/security/notices/USN-7910-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4320-1 vom 2025-12-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023445.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22752 vom 2025-12-04",
"url": "https://access.redhat.com/errata/RHSA-2025:22752"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7909-4 vom 2025-12-05",
"url": "https://ubuntu.com/security/notices/USN-7909-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21179-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023499.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21139-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023515.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-28049 vom 2025-12-15",
"url": "https://linux.oracle.com/errata/ELSA-2025-28049.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7938-1 vom 2025-12-16",
"url": "https://ubuntu.com/security/notices/USN-7938-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21063 vom 2025-12-17",
"url": "https://linux.oracle.com/errata/ELSA-2025-21063.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7256201 vom 2026-01-05",
"url": "https://www.ibm.com/support/pages/node/7256201"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0144-1 vom 2026-01-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023788.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0166-1 vom 2026-01-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023794.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0163-1 vom 2026-01-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023795.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0174-1 vom 2026-01-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EYNRLMEYZG4OCUWVVR7BLL22PT3MTAV7/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0176-1 vom 2026-01-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSMTB6JYSBEU2CF3OD7SW3ZIJGKEKBZA/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0173-1 vom 2026-01-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/C7EZZMG5MOJB6A2OZ4KLGVN4SVE4LWEL/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0168-1 vom 2026-01-20",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUZFNORTIL7FT4JAMWNYAWMBHYUP24BR/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0171-1 vom 2026-01-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023801.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0187-1 vom 2026-01-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023824.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0186-1 vom 2026-01-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023825.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0188-1 vom 2026-01-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023823.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0184-1 vom 2026-01-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023822.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0180-1 vom 2026-01-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023805.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260121-0006 vom 2026-01-21",
"url": "https://security.netapp.com/advisory/NTAP-20260121-0006"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0206-1 vom 2026-01-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023836.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260121-0007 vom 2026-01-21",
"url": "https://security.netapp.com/advisory/NTAP-20260121-0007"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0191-1 vom 2026-01-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023827.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0246-1 vom 2026-01-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023844.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0274-1 vom 2026-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023907.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0270-1 vom 2026-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023900.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0283-1 vom 2026-01-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RL3G7CGUCYSV3BWUFT3T7JKBIRLXKROU/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0284-1 vom 2026-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023910.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22910 vom 2026-01-29",
"url": "https://linux.oracle.com/errata/ELSA-2025-22910.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-030 vom 2026-01-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000421570/dsa-2026-030-security-update-for-dell-networker-vproxy-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-1 vom 2026-02-11",
"url": "https://ubuntu.com/security/notices/USN-8028-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-2 vom 2026-02-12",
"url": "https://ubuntu.com/security/notices/USN-8028-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20332-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024163.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20258-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024219.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20257-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024226.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20255-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024228.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20259-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024216.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20265-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024218.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20330-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024165.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20331-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024164.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20316-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024178.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20324-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024171.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20249-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024227.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20251-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024231.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20248-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024230.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20253-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024223.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20310-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024183.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20256-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024221.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20309-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024184.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20252-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024225.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20266-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024217.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20323-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024172.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20377-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024315.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20376-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024316.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20385-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024307.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-5 vom 2026-02-17",
"url": "https://ubuntu.com/security/notices/USN-8028-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-3 vom 2026-02-17",
"url": "https://ubuntu.com/security/notices/USN-8028-3"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20400-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024292.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20397-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024295.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20392-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024300.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20395-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024297.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20393-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024299.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20380-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024312.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-4 vom 2026-02-17",
"url": "https://ubuntu.com/security/notices/USN-8028-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20394-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024298.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20379-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024313.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20396-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024296.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20378-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024314.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8031-2 vom 2026-02-18",
"url": "https://ubuntu.com/security/notices/USN-8031-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8052-1 vom 2026-02-19",
"url": "https://ubuntu.com/security/notices/USN-8052-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-6 vom 2026-02-19",
"url": "https://ubuntu.com/security/notices/USN-8028-6"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8031-3 vom 2026-02-19",
"url": "https://ubuntu.com/security/notices/USN-8031-3"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-0755 vom 2026-02-18",
"url": "https://linux.oracle.com/errata/ELSA-2026-0755.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-7 vom 2026-02-19",
"url": "https://ubuntu.com/security/notices/USN-8028-7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8052-2 vom 2026-02-24",
"url": "https://ubuntu.com/security/notices/USN-8052-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8028-8 vom 2026-02-24",
"url": "https://ubuntu.com/security/notices/USN-8028-8"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8074-1 vom 2026-03-04",
"url": "https://ubuntu.com/security/notices/USN-8074-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice LSN-0118-1 vom 2026-03-04",
"url": "https://ubuntu.com/security/notices/LSN-0118-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-1581 vom 2026-03-04",
"url": "https://linux.oracle.com/errata/ELSA-2026-1581.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8074-2 vom 2026-03-04",
"url": "https://ubuntu.com/security/notices/USN-8074-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20560-1 vom 2026-03-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024586.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0953-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024785.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0941-1 vom 2026-03-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024781.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0939-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024788.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0940-1 vom 2026-03-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024782.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0951-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024786.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0983-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024814.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0954-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024792.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0958-1 vom 2026-03-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024804.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0985-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024837.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20809-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024880.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20803-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024886.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20810-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024879.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20811-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024878.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20812-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024877.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20814-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024875.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0992-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024869.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20798-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024891.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20800-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024889.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20801-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024888.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20802-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024887.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20804-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024885.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20805-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024884.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20806-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024883.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3685 vom 2026-03-25",
"url": "https://linux.oracle.com/errata/ELSA-2026-3685.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20786-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024848.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20787-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024847.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20785-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024849.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20783-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024851.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20782-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024852.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20781-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024853.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20780-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024854.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20788-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024846.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20789-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024845.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20790-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024844.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20791-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024843.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20774-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024860.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20773-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024861.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20777-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024857.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20778-1 vom 2026-03-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024856.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20813-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024876.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20808-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024881.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8126-1 vom 2026-03-25",
"url": "https://ubuntu.com/security/notices/USN-8126-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1000-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024902.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1002-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024904.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1039-1 vom 2026-03-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024926.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1044-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024931.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1046-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024929.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1083-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024952.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1073-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024955.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1049-1 vom 2026-03-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024933.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1088-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024961.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1089-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024960.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20860-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024980.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20831-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025006.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1132-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025029.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20862-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024978.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20863-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024977.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20850-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024990.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20853-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024987.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20854-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024986.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20857-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024983.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20852-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024988.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20858-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024982.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20859-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024981.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1125-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025019.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20849-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024991.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20861-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024979.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20841-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024996.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1096-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1101-1 vom 2026-03-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025011.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20851-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024989.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20847-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024993.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20848-1 vom 2026-03-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024992.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20893-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025039.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20892-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025040.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20891-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025041.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20897-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025035.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20885-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025046.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20880-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025051.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20883-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025048.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20896-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025036.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20895-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025037.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20894-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025038.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20882-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025049.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20886-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025045.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20884-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025047.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20881-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025050.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20898-1 vom 2026-03-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025034.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20946-1 vom 2026-04-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025074.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18134 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:18134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:18587 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:18587"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-19T22:00:00.000+00:00",
"generator": {
"date": "2026-05-20T08:32:01.585+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2025-1665",
"initial_release_date": "2025-07-28T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-07-28T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-08-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-08-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-20T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-21T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-24T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-25T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Google aufgenommen"
},
{
"date": "2025-08-27T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2025-08-28T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-31T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-01T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-03T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-09-10T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-14T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-16T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-18T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-22T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von SUSE und Debian aufgenommen"
},
{
"date": "2025-09-23T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-24T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Oracle Linux und SUSE aufgenommen"
},
{
"date": "2025-09-28T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
},
{
"date": "2025-09-30T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Dell, Ubuntu und Red Hat aufgenommen"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-06T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-07T22:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-08T22:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-10-09T22:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und SUSE aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-13T22:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Oracle Linux und Ubuntu aufgenommen"
},
{
"date": "2025-10-14T22:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-19T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-20T22:00:00.000+00:00",
"number": "43",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "44",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-10-22T22:00:00.000+00:00",
"number": "45",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-23T22:00:00.000+00:00",
"number": "46",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-26T23:00:00.000+00:00",
"number": "47",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-27T23:00:00.000+00:00",
"number": "48",
"summary": "Neue Updates von SUSE und IBM aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "49",
"summary": "Neue Updates von SUSE, Dell und Ubuntu aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "50",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "51",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "52",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "53",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-17T23:00:00.000+00:00",
"number": "54",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "55",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "56",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-11-20T23:00:00.000+00:00",
"number": "57",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "58",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "59",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "60",
"summary": "Neue Updates von Ubuntu und openSUSE aufgenommen"
},
{
"date": "2025-11-26T23:00:00.000+00:00",
"number": "61",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "62",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "63",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-12-04T23:00:00.000+00:00",
"number": "64",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "65",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "66",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "67",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "68",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2026-01-04T23:00:00.000+00:00",
"number": "69",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-01-18T23:00:00.000+00:00",
"number": "70",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-19T23:00:00.000+00:00",
"number": "71",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "72",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "73",
"summary": "Neue Updates von NetApp und SUSE aufgenommen"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "74",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "75",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "76",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "77",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-15T23:00:00.000+00:00",
"number": "78",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "79",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-17T23:00:00.000+00:00",
"number": "80",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "81",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2026-02-19T23:00:00.000+00:00",
"number": "82",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "83",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "84",
"summary": "Neue Updates von Ubuntu und Oracle Linux aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "85",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-22T23:00:00.000+00:00",
"number": "86",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "87",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "88",
"summary": "Neue Updates von SUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "89",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "90",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-29T22:00:00.000+00:00",
"number": "91",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "92",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-01T22:00:00.000+00:00",
"number": "93",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "94",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "95",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "95"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Virtual Edition",
"product": {
"name": "Dell NetWorker Virtual Edition",
"product_id": "T048226",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition"
}
}
},
{
"category": "product_version_range",
"name": "vProxy \u003c19.14",
"product": {
"name": "Dell NetWorker vProxy \u003c19.14",
"product_id": "T050451"
}
},
{
"category": "product_version",
"name": "vProxy 19.14",
"product": {
"name": "Dell NetWorker vProxy 19.14",
"product_id": "T050451-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy__19.14"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.4.0.0",
"product_id": "T045879"
}
},
{
"category": "product_version",
"name": "8.4.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.4.0.0",
"product_id": "T045879-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.4.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.70",
"product_id": "T045881"
}
},
{
"category": "product_version",
"name": "7.10.1.70",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.70",
"product_id": "T045881-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.70"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.40",
"product_id": "T047343"
}
},
{
"category": "product_version",
"name": "7.13.1.40",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.40",
"product_id": "T047343-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.3.1.10",
"product_id": "T047344"
}
},
{
"category": "product_version",
"name": "8.3.1.10",
"product": {
"name": "Dell PowerProtect Data Domain 8.3.1.10",
"product_id": "T047344-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.3.1.10"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Appliance \u003c5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
"product_id": "T048301"
}
},
{
"category": "product_version",
"name": "Appliance 5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
"product_id": "T048301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.9.1",
"product": {
"name": "IBM Security Verify Access \u003c10.0.9.1",
"product_id": "T049459"
}
},
{
"category": "product_version",
"name": "10.0.9.1",
"product": {
"name": "IBM Security Verify Access 10.0.9.1",
"product_id": "T049459-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:v10.0.9.1"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T043317",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:vsphere"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T046484",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-50047",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2024-50047"
},
{
"cve": "CVE-2025-38468",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38468"
},
{
"cve": "CVE-2025-38469",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38469"
},
{
"cve": "CVE-2025-38470",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38470"
},
{
"cve": "CVE-2025-38471",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38471"
},
{
"cve": "CVE-2025-38472",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38472"
},
{
"cve": "CVE-2025-38473",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38473"
},
{
"cve": "CVE-2025-38474",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38474"
},
{
"cve": "CVE-2025-38475",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38475"
},
{
"cve": "CVE-2025-38476",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38476"
},
{
"cve": "CVE-2025-38477",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38477"
},
{
"cve": "CVE-2025-38478",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38478"
},
{
"cve": "CVE-2025-38480",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38480"
},
{
"cve": "CVE-2025-38481",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38481"
},
{
"cve": "CVE-2025-38482",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38482"
},
{
"cve": "CVE-2025-38483",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38483"
},
{
"cve": "CVE-2025-38484",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38484"
},
{
"cve": "CVE-2025-38485",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38485"
},
{
"cve": "CVE-2025-38486",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38486"
},
{
"cve": "CVE-2025-38487",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38487"
},
{
"cve": "CVE-2025-38488",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38488"
},
{
"cve": "CVE-2025-38489",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38489"
},
{
"cve": "CVE-2025-38490",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38490"
},
{
"cve": "CVE-2025-38491",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38491"
},
{
"cve": "CVE-2025-38492",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38492"
},
{
"cve": "CVE-2025-38493",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38493"
},
{
"cve": "CVE-2025-38494",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38495"
},
{
"cve": "CVE-2025-38496",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38496"
},
{
"cve": "CVE-2025-38497",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T050451",
"T032255",
"T039664",
"2951",
"T002207",
"T045879",
"T000126",
"T021415",
"T043317",
"T027843",
"T046484",
"T047343",
"398363",
"1607324",
"T049459",
"T048226",
"T045881",
"T047344",
"T048301"
]
},
"release_date": "2025-07-28T22:00:00.000+00:00",
"title": "CVE-2025-38497"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…