Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-38664 (GCVE-0-2025-38664)
Vulnerability from cvelistv5 – Published: 2025-08-22 16:02 – Updated: 2026-05-11 21:32
VLAI
EPSS
Title
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Add check for the return value of devm_kmemdup()
to prevent potential null pointer dereference.
Severity
5.5 (Medium)
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
c7648810961682b9388be2dd041df06915647445 , < 35370d3b44efe194fd5ad55bac987e629597d782
(git)
Affected: c7648810961682b9388be2dd041df06915647445 , < 435462f8ab2b9c5340a5414ce02f70117d0cfede (git) Affected: c7648810961682b9388be2dd041df06915647445 , < 7c5a13c76dd37e9e4f8d48b87376a54f4399ce15 (git) Affected: c7648810961682b9388be2dd041df06915647445 , < 1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b (git) Affected: c7648810961682b9388be2dd041df06915647445 , < 3028f2a4e746b499043bbb8ab816f975473a0535 (git) Affected: c7648810961682b9388be2dd041df06915647445 , < 0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7 (git) Affected: c7648810961682b9388be2dd041df06915647445 , < 6d640a8ea62435a7f6f89869bee4fa99423d07ca (git) Affected: c7648810961682b9388be2dd041df06915647445 , < 4ff12d82dac119b4b99b5a78b5af3bf2474c0a36 (git) |
|
| Linux | Linux |
Affected:
5.4
Unaffected: 0 , < 5.4 (semver) Unaffected: 5.4.297 , ≤ 5.4.* (semver) Unaffected: 5.10.241 , ≤ 5.10.* (semver) Unaffected: 5.15.190 , ≤ 5.15.* (semver) Unaffected: 6.1.148 , ≤ 6.1.* (semver) Unaffected: 6.6.101 , ≤ 6.6.* (semver) Unaffected: 6.12.41 , ≤ 6.12.* (semver) Unaffected: 6.15.9 , ≤ 6.15.* (semver) Unaffected: 6.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:40:50.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ddp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "35370d3b44efe194fd5ad55bac987e629597d782",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "435462f8ab2b9c5340a5414ce02f70117d0cfede",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "7c5a13c76dd37e9e4f8d48b87376a54f4399ce15",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "3028f2a4e746b499043bbb8ab816f975473a0535",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "6d640a8ea62435a7f6f89869bee4fa99423d07ca",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
},
{
"lessThan": "4ff12d82dac119b4b99b5a78b5af3bf2474c0a36",
"status": "affected",
"version": "c7648810961682b9388be2dd041df06915647445",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_ddp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.297",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.241",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.15.*",
"status": "unaffected",
"version": "6.15.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.297",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.241",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.190",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.148",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.101",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.41",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15.9",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:32:35.345Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782"
},
{
"url": "https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede"
},
{
"url": "https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15"
},
{
"url": "https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b"
},
{
"url": "https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535"
},
{
"url": "https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7"
},
{
"url": "https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca"
},
{
"url": "https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36"
}
],
"title": "ice: Fix a null pointer dereference in ice_copy_and_init_pkg()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38664",
"datePublished": "2025-08-22T16:02:56.707Z",
"dateReserved": "2025-04-16T04:51:24.031Z",
"dateUpdated": "2026-05-11T21:32:35.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-38664",
"date": "2026-06-13",
"epss": "0.00025",
"percentile": "0.0743"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38664\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-22T16:15:41.723\",\"lastModified\":\"2026-01-07T17:32:42.743\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\\n\\nAdd check for the return value of devm_kmemdup()\\nto prevent potential null pointer dereference.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: Se corrige una desreferencia de puntero nulo en ice_copy_and_init_pkg(). Se agrega una verificaci\u00f3n para el valor de retorno de devm_kmemdup() para evitar una posible desreferencia de puntero nulo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.297\",\"matchCriteriaId\":\"D134DFF3-E3EE-420A-9A99-68043DDAEB75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.241\",\"matchCriteriaId\":\"D0D21C35-EB8A-488A-BBF9-403E4817E5DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.190\",\"matchCriteriaId\":\"AD9E597F-3DDE-4D7E-976C-463D0611F13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.148\",\"matchCriteriaId\":\"3E5B1B93-C244-4B54-B3AB-12C2635A443B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.101\",\"matchCriteriaId\":\"686C7A1C-35F3-495D-9825-94B5BCED2705\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.41\",\"matchCriteriaId\":\"7B9B92B6-A7E5-4697-AB94-8432ED55AA05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.15.9\",\"matchCriteriaId\":\"656D6B8C-4D7B-4385-98B6-44EA4AFADD2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D4894DB-CCFE-4602-B1BF-3960B2E19A01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"09709862-E348-4378-8632-5A7813EDDC86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"415BF58A-8197-43F5-B3D7-D1D63057A26E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0517869-312D-4429-80C2-561086E1421C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"85421F4E-C863-4ABF-B4B4-E887CC2F7F92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3827F0D4-5FEE-4181-B267-5A45E7CA11FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A9C2DE5-43B8-4D73-BDB5-EA55C7671A52\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0fde7dccbf4c8a6d7940ecaf4c3d80a12f405dd7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1c30093d58cd3d02d8358e2b1f4a06a0aae0bf5b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3028f2a4e746b499043bbb8ab816f975473a0535\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/35370d3b44efe194fd5ad55bac987e629597d782\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/435462f8ab2b9c5340a5414ce02f70117d0cfede\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4ff12d82dac119b4b99b5a78b5af3bf2474c0a36\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6d640a8ea62435a7f6f89869bee4fa99423d07ca\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/7c5a13c76dd37e9e4f8d48b87376a54f4399ce15\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2025:20955-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:34 - Updated: 2025-11-05 16:34Summary
Security update for kernel-livepatch-MICRO-6-0_Update_5
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_5
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.0-kernel-198
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_5",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-198",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20955-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20955-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520955-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20955-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023230.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_5",
"tracking": {
"current_release_date": "2025-11-05T16:34:28Z",
"generator": {
"date": "2025-11-05T16:34:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20955-1",
"initial_release_date": "2025-11-05T16:34:28Z",
"revision_history": [
{
"date": "2025-11-05T16:34:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-25-default-11-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-25-default-11-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-25-default-11-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-25-default-11-1.2.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-25-default-11-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-25-default-11-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:34:28Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:34:28Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-25-default-11-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:34:28Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20956-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:34 - Updated: 2025-11-05 16:34Summary
Security update for kernel-livepatch-MICRO-6-0_Update_8
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_8
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_8 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.0-kernel-199
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_8",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_8 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-199",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20956-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20956-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520956-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20956-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023229.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_8",
"tracking": {
"current_release_date": "2025-11-05T16:34:09Z",
"generator": {
"date": "2025-11-05T16:34:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20956-1",
"initial_release_date": "2025-11-05T16:34:09Z",
"revision_history": [
{
"date": "2025-11-05T16:34:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-30-default-8-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-30-default-8-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-30-default-8-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-30-default-8-1.2.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-30-default-8-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-30-default-8-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:34:09Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20957-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:33 - Updated: 2025-11-05 16:33Summary
Security update for kernel-livepatch-MICRO-6-0_Update_9
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_9
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.0-kernel-200
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_9",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-200",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20957-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20957-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520957-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20957-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023228.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_9",
"tracking": {
"current_release_date": "2025-11-05T16:33:38Z",
"generator": {
"date": "2025-11-05T16:33:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20957-1",
"initial_release_date": "2025-11-05T16:33:38Z",
"revision_history": [
{
"date": "2025-11-05T16:33:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-31-default-8-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-31-default-8-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-31-default-8-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-31-default-8-1.2.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-31-default-8-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-31-default-8-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:33:38Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20958-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:33 - Updated: 2025-11-05 16:33Summary
Security update for kernel-livepatch-MICRO-6-0_Update_11
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_11
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_11 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38678: nf_tables: reject duplicate device on updates (bsc#1249534)
Patchnames: SUSE-SLE-Micro-6.0-kernel-201
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_11",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_11 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38678: nf_tables: reject duplicate device on updates (bsc#1249534)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-201",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20958-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20958-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520958-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20958-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023227.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249534",
"url": "https://bugzilla.suse.com/1249534"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38678 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38678/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_11",
"tracking": {
"current_release_date": "2025-11-05T16:33:53Z",
"generator": {
"date": "2025-11-05T16:33:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20958-1",
"initial_release_date": "2025-11-05T16:33:53Z",
"revision_history": [
{
"date": "2025-11-05T16:33:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-34-default-2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-34-default-2-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-34-default-2-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-34-default-2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-34-default-2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-34-default-2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
},
{
"cve": "CVE-2025-38678",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38678"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: reject duplicate device on updates\n\nA chain/flowtable update with duplicated devices in the same batch is\npossible. Unfortunately, netdev event path only removes the first\ndevice that is found, leaving unregistered the hook of the duplicated\ndevice.\n\nCheck if a duplicated device exists in the transaction batch, bail out\nwith EEXIST in such case.\n\nWARNING is hit when unregistering the hook:\n\n [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150\n [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full)\n [...]\n [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38678",
"url": "https://www.suse.com/security/cve/CVE-2025-38678"
},
{
"category": "external",
"summary": "SUSE Bug 1249126 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249126"
},
{
"category": "external",
"summary": "SUSE Bug 1249534 for CVE-2025-38678",
"url": "https://bugzilla.suse.com/1249534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:33:53Z",
"details": "important"
}
],
"title": "CVE-2025-38678"
}
]
}
SUSE-SU-2025:20959-1
Vulnerability from csaf_suse - Published: 2025-11-06 11:20 - Updated: 2025-11-06 11:20Summary
Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0-RT_Update_2
Description of the patch: This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019)
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.0-kernel-202
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0-RT_Update_2 fixes the following issues:\n\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019)\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-202",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20959-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20959-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520959-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20959-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023226.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246019",
"url": "https://bugzilla.suse.com/1246019"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53164 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_2",
"tracking": {
"current_release_date": "2025-11-06T11:20:15Z",
"generator": {
"date": "2025-11-06T11:20:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20959-1",
"initial_release_date": "2025-11-06T11:20:15Z",
"revision_history": [
{
"date": "2025-11-06T11:20:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53164",
"url": "https://www.suse.com/security/cve/CVE-2024-53164"
},
{
"category": "external",
"summary": "SUSE Bug 1234863 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "external",
"summary": "SUSE Bug 1246019 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1246019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-10-rt-15-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20960-1
Vulnerability from csaf_suse - Published: 2025-11-06 11:20 - Updated: 2025-11-06 11:20Summary
Security update for kernel-livepatch-MICRO-6-0-RT_Update_3
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0-RT_Update_3
Description of the patch: This update for kernel-livepatch-MICRO-6-0-RT_Update_3 fixes the following issues:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019)
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.0-kernel-203
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_3",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0-RT_Update_3 fixes the following issues:\n\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019)\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-203",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20960-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20960-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520960-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20960-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023225.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246019",
"url": "https://bugzilla.suse.com/1246019"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53164 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0-RT_Update_3",
"tracking": {
"current_release_date": "2025-11-06T11:20:15Z",
"generator": {
"date": "2025-11-06T11:20:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20960-1",
"initial_release_date": "2025-11-06T11:20:15Z",
"revision_history": [
{
"date": "2025-11-06T11:20:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53164",
"url": "https://www.suse.com/security/cve/CVE-2024-53164"
},
{
"category": "external",
"summary": "SUSE Bug 1234863 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "external",
"summary": "SUSE Bug 1246019 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1246019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-11-rt-15-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-06T11:20:15Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20972-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:12 - Updated: 2025-11-05 16:12Summary
Security update for kernel-livepatch-MICRO-6-0_Update_10
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_10
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_10 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
Patchnames: SUSE-SLE-Micro-6.1-kernel-189
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_10",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_10 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-189",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20972-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20972-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520972-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20972-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023221.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_10",
"tracking": {
"current_release_date": "2025-11-05T16:12:05Z",
"generator": {
"date": "2025-11-05T16:12:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20972-1",
"initial_release_date": "2025-11-05T16:12:05Z",
"revision_history": [
{
"date": "2025-11-05T16:12:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-32-default-3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-32-default-3-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-32-default-3-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-32-default-3-1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-32-default-3-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-32-default-3-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:12:05Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-32-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:12:05Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20973-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:13 - Updated: 2025-11-05 16:13Summary
Security update for kernel-livepatch-MICRO-6-0_Update_4
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_4
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues:
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019)
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.1-kernel-187
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_4",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_4 fixes the following issues:\n\n- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1246019)\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-187",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20973-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20973-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520973-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20973-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023220.html"
},
{
"category": "self",
"summary": "SUSE Bug 1246019",
"url": "https://bugzilla.suse.com/1246019"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53164 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_4",
"tracking": {
"current_release_date": "2025-11-05T16:13:01Z",
"generator": {
"date": "2025-11-05T16:13:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20973-1",
"initial_release_date": "2025-11-05T16:13:01Z",
"revision_history": [
{
"date": "2025-11-05T16:13:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-24-default-13-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-24-default-13-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-24-default-13-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-24-default-13-1.2.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-24-default-13-1.2.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-24-default-13-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53164"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix ordering of qlen adjustment\n\nChanges to sch-\u003eq.qlen around qdisc_tree_reduce_backlog() need to happen\n_before_ a call to said function because otherwise it may fail to notify\nparent qdiscs when the child is about to become empty.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53164",
"url": "https://www.suse.com/security/cve/CVE-2024-53164"
},
{
"category": "external",
"summary": "SUSE Bug 1234863 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1234863"
},
{
"category": "external",
"summary": "SUSE Bug 1246019 for CVE-2024-53164",
"url": "https://bugzilla.suse.com/1246019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:01Z",
"details": "important"
}
],
"title": "CVE-2024-53164"
},
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:01Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:01Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-24-default-13-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:01Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20974-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:13 - Updated: 2025-11-05 16:13Summary
Security update for kernel-livepatch-MICRO-6-0_Update_6
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_6
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_6 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.1-kernel-188
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_6",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_6 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-188",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20974-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20974-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520974-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20974-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023219.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_6",
"tracking": {
"current_release_date": "2025-11-05T16:13:22Z",
"generator": {
"date": "2025-11-05T16:13:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20974-1",
"initial_release_date": "2025-11-05T16:13:22Z",
"revision_history": [
{
"date": "2025-11-05T16:13:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"product_id": "kernel-livepatch-6_4_0-28-default-9-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-28-default-9-3.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-28-default-9-3.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-9-3.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-28-default-9-3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-28-default-9-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:22Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:22Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-28-default-9-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:13:22Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
SUSE-SU-2025:20975-1
Vulnerability from csaf_suse - Published: 2025-11-05 16:15 - Updated: 2025-11-05 16:15Summary
Security update for kernel-livepatch-MICRO-6-0_Update_7
Severity
Important
Notes
Title of the patch: Security update for kernel-livepatch-MICRO-6-0_Update_7
Description of the patch: This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues:
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)
Patchnames: SUSE-SLE-Micro-6.1-kernel-192
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kernel-livepatch-MICRO-6-0_Update_7",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kernel-livepatch-MICRO-6-0_Update_7 fixes the following issues:\n\n- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631)\n- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207)\n- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1249208)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-192",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20975-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20975-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520975-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20975-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023218.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248631",
"url": "https://bugzilla.suse.com/1248631"
},
{
"category": "self",
"summary": "SUSE Bug 1249207",
"url": "https://bugzilla.suse.com/1249207"
},
{
"category": "self",
"summary": "SUSE Bug 1249208",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38617 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38618 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38664 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38664/"
}
],
"title": "Security update for kernel-livepatch-MICRO-6-0_Update_7",
"tracking": {
"current_release_date": "2025-11-05T16:15:32Z",
"generator": {
"date": "2025-11-05T16:15:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20975-1",
"initial_release_date": "2025-11-05T16:15:32Z",
"revision_history": [
{
"date": "2025-11-05T16:15:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-29-default-8-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-29-default-8-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-29-default-8-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-29-default-8-1.2.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-29-default-8-1.2.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-29-default-8-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/packet: fix a race in packet_set_ring() and packet_notifier()\n\nWhen packet_set_ring() releases po-\u003ebind_lock, another thread can\nrun packet_notifier() and process an NETDEV_UP event.\n\nThis race and the fix are both similar to that of commit 15fe076edea7\n(\"net/packet: fix a race in packet_bind() and packet_notifier()\").\n\nThere too the packet_notifier NETDEV_UP event managed to run while a\npo-\u003ebind_lock critical section had to be temporarily released. And\nthe fix was similarly to temporarily set po-\u003enum to zero to keep\nthe socket unhooked until the lock is retaken.\n\nThe po-\u003ebind_lock in packet_set_ring and packet_notifier precede the\nintroduction of git history.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38617",
"url": "https://www.suse.com/security/cve/CVE-2025-38617"
},
{
"category": "external",
"summary": "SUSE Bug 1247374 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1247374"
},
{
"category": "external",
"summary": "SUSE Bug 1248621 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1248621"
},
{
"category": "external",
"summary": "SUSE Bug 1249208 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1249208"
},
{
"category": "external",
"summary": "SUSE Bug 1253291 for CVE-2025-38617",
"url": "https://bugzilla.suse.com/1253291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:15:32Z",
"details": "important"
}
],
"title": "CVE-2025-38617"
},
{
"cve": "CVE-2025-38618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38618",
"url": "https://www.suse.com/security/cve/CVE-2025-38618"
},
{
"category": "external",
"summary": "SUSE Bug 1248511 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1248511"
},
{
"category": "external",
"summary": "SUSE Bug 1249207 for CVE-2025-38618",
"url": "https://bugzilla.suse.com/1249207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:15:32Z",
"details": "important"
}
],
"title": "CVE-2025-38618"
},
{
"cve": "CVE-2025-38664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n\nAdd check for the return value of devm_kmemdup()\nto prevent potential null pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38664",
"url": "https://www.suse.com/security/cve/CVE-2025-38664"
},
{
"category": "external",
"summary": "SUSE Bug 1248628 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248628"
},
{
"category": "external",
"summary": "SUSE Bug 1248631 for CVE-2025-38664",
"url": "https://bugzilla.suse.com/1248631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-29-default-8-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-05T16:15:32Z",
"details": "important"
}
],
"title": "CVE-2025-38664"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…