Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-56664 (GCVE-0-2024-56664)
Vulnerability from cvelistv5 – Published: 2024-12-27 15:06 – Updated: 2026-05-11 20:56
VLAI
EPSS
Title
bpf, sockmap: Fix race between element replace and close()
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf, sockmap: Fix race between element replace and close()
Element replace (with a socket different from the one stored) may race
with socket's close() link popping & unlinking. __sock_map_delete()
unconditionally unrefs the (wrong) element:
// set map[0] = s0
map_update_elem(map, 0, s0)
// drop fd of s0
close(s0)
sock_map_close()
lock_sock(sk) (s0!)
sock_map_remove_links(sk)
link = sk_psock_link_pop()
sock_map_unlink(sk, link)
sock_map_delete_from_link
// replace map[0] with s1
map_update_elem(map, 0, s1)
sock_map_update_elem
(s1!) lock_sock(sk)
sock_map_update_common
psock = sk_psock(sk)
spin_lock(&stab->lock)
osk = stab->sks[idx]
sock_map_add_link(..., &stab->sks[idx])
sock_map_unref(osk, &stab->sks[idx])
psock = sk_psock(osk)
sk_psock_put(sk, psock)
if (refcount_dec_and_test(&psock))
sk_psock_drop(sk, psock)
spin_unlock(&stab->lock)
unlock_sock(sk)
__sock_map_delete
spin_lock(&stab->lock)
sk = *psk // s1 replaced s0; sk == s1
if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch
sk = xchg(psk, NULL)
if (sk)
sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle
psock = sk_psock(sk)
sk_psock_put(sk, psock)
if (refcount_dec_and_test())
sk_psock_drop(sk, psock)
spin_unlock(&stab->lock)
release_sock(sk)
Then close(map) enqueues bpf_map_free_deferred, which finally calls
sock_map_free(). This results in some refcount_t warnings along with
a KASAN splat [1].
Fix __sock_map_delete(), do not allow sock_map_unref() on elements that
may have been replaced.
[1]:
BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330
Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063
CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014
Workqueue: events_unbound bpf_map_free_deferred
Call Trace:
<TASK>
dump_stack_lvl+0x68/0x90
print_report+0x174/0x4f6
kasan_report+0xb9/0x190
kasan_check_range+0x10f/0x1e0
sock_map_free+0x10e/0x330
bpf_map_free_deferred+0x173/0x320
process_one_work+0x846/0x1420
worker_thread+0x5b3/0xf80
kthread+0x29e/0x360
ret_from_fork+0x2d/0x70
ret_from_fork_asm+0x1a/0x30
</TASK>
Allocated by task 1202:
kasan_save_stack+0x1e/0x40
kasan_save_track+0x10/0x30
__kasan_slab_alloc+0x85/0x90
kmem_cache_alloc_noprof+0x131/0x450
sk_prot_alloc+0x5b/0x220
sk_alloc+0x2c/0x870
unix_create1+0x88/0x8a0
unix_create+0xc5/0x180
__sock_create+0x241/0x650
__sys_socketpair+0x1ce/0x420
__x64_sys_socketpair+0x92/0x100
do_syscall_64+0x93/0x180
entry_SYSCALL_64_after_hwframe+0x76/0x7e
Freed by task 46:
kasan_save_stack+0x1e/0x40
kasan_save_track+0x10/0x30
kasan_save_free_info+0x37/0x60
__kasan_slab_free+0x4b/0x70
kmem_cache_free+0x1a1/0x590
__sk_destruct+0x388/0x5a0
sk_psock_destroy+0x73e/0xa50
process_one_work+0x846/0x1420
worker_thread+0x5b3/0xf80
kthread+0x29e/0x360
ret_from_fork+0x2d/0x70
ret_from_fork_asm+0x1a/0x30
The bu
---truncated---
Severity
7.0 (High)
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
604326b41a6fb9b4a78b6179335decee0365cd8c , < 6deb9e85dc9a2ba4414b91c1b5b00b8415910890
(git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < fdb2cd8957ac51f84c9e742ba866087944bb834b (git) Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < b79a0d1e9a374d1b376933a354c4fcd01fce0365 (git) Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < b015f19fedd2e12283a8450dd0aefce49ec57015 (git) Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < bf2318e288f636a882eea39f7e1015623629f168 (git) Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < ed1fc5d76b81a4d681211333c026202cad4d5649 (git) |
|
| Linux | Linux |
Affected:
4.20
Unaffected: 0 , < 4.20 (semver) Unaffected: 5.10.236 , ≤ 5.10.* (semver) Unaffected: 5.15.180 , ≤ 5.15.* (semver) Unaffected: 6.1.125 , ≤ 6.1.* (semver) Unaffected: 6.6.67 , ≤ 6.6.* (semver) Unaffected: 6.12.6 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:52:13.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/sock_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6deb9e85dc9a2ba4414b91c1b5b00b8415910890",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "fdb2cd8957ac51f84c9e742ba866087944bb834b",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "b79a0d1e9a374d1b376933a354c4fcd01fce0365",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "b015f19fedd2e12283a8450dd0aefce49ec57015",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "bf2318e288f636a882eea39f7e1015623629f168",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
},
{
"lessThan": "ed1fc5d76b81a4d681211333c026202cad4d5649",
"status": "affected",
"version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/sock_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.236",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.125",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.67",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.236",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.180",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.125",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.67",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.6",
"versionStartIncluding": "4.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:56:51.838Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6deb9e85dc9a2ba4414b91c1b5b00b8415910890"
},
{
"url": "https://git.kernel.org/stable/c/fdb2cd8957ac51f84c9e742ba866087944bb834b"
},
{
"url": "https://git.kernel.org/stable/c/b79a0d1e9a374d1b376933a354c4fcd01fce0365"
},
{
"url": "https://git.kernel.org/stable/c/b015f19fedd2e12283a8450dd0aefce49ec57015"
},
{
"url": "https://git.kernel.org/stable/c/bf2318e288f636a882eea39f7e1015623629f168"
},
{
"url": "https://git.kernel.org/stable/c/ed1fc5d76b81a4d681211333c026202cad4d5649"
}
],
"title": "bpf, sockmap: Fix race between element replace and close()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-56664",
"datePublished": "2024-12-27T15:06:26.276Z",
"dateReserved": "2024-12-27T15:00:39.844Z",
"dateUpdated": "2026-05-11T20:56:51.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-56664",
"date": "2026-06-08",
"epss": "0.00017",
"percentile": "0.04354"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-56664\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T15:15:26.297\",\"lastModified\":\"2025-11-03T21:18:17.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbpf, sockmap: Fix race between element replace and close()\\n\\nElement replace (with a socket different from the one stored) may race\\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\\nunconditionally unrefs the (wrong) element:\\n\\n// set map[0] = s0\\nmap_update_elem(map, 0, s0)\\n\\n// drop fd of s0\\nclose(s0)\\n sock_map_close()\\n lock_sock(sk) (s0!)\\n sock_map_remove_links(sk)\\n link = sk_psock_link_pop()\\n sock_map_unlink(sk, link)\\n sock_map_delete_from_link\\n // replace map[0] with s1\\n map_update_elem(map, 0, s1)\\n sock_map_update_elem\\n (s1!) lock_sock(sk)\\n sock_map_update_common\\n psock = sk_psock(sk)\\n spin_lock(\u0026stab-\u003elock)\\n osk = stab-\u003esks[idx]\\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\\n psock = sk_psock(osk)\\n sk_psock_put(sk, psock)\\n if (refcount_dec_and_test(\u0026psock))\\n sk_psock_drop(sk, psock)\\n spin_unlock(\u0026stab-\u003elock)\\n unlock_sock(sk)\\n __sock_map_delete\\n spin_lock(\u0026stab-\u003elock)\\n sk = *psk // s1 replaced s0; sk == s1\\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\\n sk = xchg(psk, NULL)\\n if (sk)\\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\\n psock = sk_psock(sk)\\n sk_psock_put(sk, psock)\\n if (refcount_dec_and_test())\\n sk_psock_drop(sk, psock)\\n spin_unlock(\u0026stab-\u003elock)\\n release_sock(sk)\\n\\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\\nsock_map_free(). This results in some refcount_t warnings along with\\na KASAN splat [1].\\n\\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\\nmay have been replaced.\\n\\n[1]:\\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\\n\\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\\nWorkqueue: events_unbound bpf_map_free_deferred\\nCall Trace:\\n \u003cTASK\u003e\\n dump_stack_lvl+0x68/0x90\\n print_report+0x174/0x4f6\\n kasan_report+0xb9/0x190\\n kasan_check_range+0x10f/0x1e0\\n sock_map_free+0x10e/0x330\\n bpf_map_free_deferred+0x173/0x320\\n process_one_work+0x846/0x1420\\n worker_thread+0x5b3/0xf80\\n kthread+0x29e/0x360\\n ret_from_fork+0x2d/0x70\\n ret_from_fork_asm+0x1a/0x30\\n \u003c/TASK\u003e\\n\\nAllocated by task 1202:\\n kasan_save_stack+0x1e/0x40\\n kasan_save_track+0x10/0x30\\n __kasan_slab_alloc+0x85/0x90\\n kmem_cache_alloc_noprof+0x131/0x450\\n sk_prot_alloc+0x5b/0x220\\n sk_alloc+0x2c/0x870\\n unix_create1+0x88/0x8a0\\n unix_create+0xc5/0x180\\n __sock_create+0x241/0x650\\n __sys_socketpair+0x1ce/0x420\\n __x64_sys_socketpair+0x92/0x100\\n do_syscall_64+0x93/0x180\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nFreed by task 46:\\n kasan_save_stack+0x1e/0x40\\n kasan_save_track+0x10/0x30\\n kasan_save_free_info+0x37/0x60\\n __kasan_slab_free+0x4b/0x70\\n kmem_cache_free+0x1a1/0x590\\n __sk_destruct+0x388/0x5a0\\n sk_psock_destroy+0x73e/0xa50\\n process_one_work+0x846/0x1420\\n worker_thread+0x5b3/0xf80\\n kthread+0x29e/0x360\\n ret_from_fork+0x2d/0x70\\n ret_from_fork_asm+0x1a/0x30\\n\\nThe bu\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf, sockmap: Se corrige la competencia entre el reemplazo de elementos y close(). El reemplazo de elementos (con un socket diferente del almacenado) puede competir con el enlace de close() del socket, haciendo estallar y desvinculando el enlace. __sock_map_delete() anula la referencia incondicional del elemento (incorrecto): // establece map[0] = s0 map_update_elem(map, 0, s0) // elimina fd de s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // reemplaza map[0] con s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(\u0026amp;stab-\u0026gt;lock) osk = stab-\u0026gt;sks[idx] sock_map_add_link(..., \u0026amp;stab-\u0026gt;sks[idx]) sock_map_unref(osk, \u0026amp;stab-\u0026gt;sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) si (conteo_de_referencias_y_pruebas(\u0026amp;psock)) sk_psock_drop(sk, psock) desbloqueo_spin(\u0026amp;stab-\u0026gt;bloqueo) desbloqueo_sock(sk) __sock_map_delete bloqueo_spin(\u0026amp;stab-\u0026gt;bloqueo) sk = *psk // s1 reemplaz\u00f3 a s0; sk == s1 si (!sk_prueba || sk_prueba == sk) // sk_prueba (s0) != sk (s1); sin rama sk = xchg(psk, NULL) si (sk) sock_map_unref(sk, psk) // desreferenciar s1; sks[idx] dejar\u00e1 colgado psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(\u0026amp;stab-\u0026gt;lock) release_sock(sk) Luego close(map) pone en cola bpf_map_free_deferred, que finalmente llama a sock_map_free(). Esto da como resultado algunas advertencias refcount_t junto con un splat KASAN [1]. Corrija __sock_map_delete(), no permita sock_map_unref() en elementos que pueden haber sido reemplazados. [1]: ERROR: KASAN: slab-use-after-free en sock_map_free+0x10e/0x330 Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff88811f5b9100 por la tarea kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 No contaminado 6.12.0+ #125 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Cola de trabajo: events_unbound bpf_map_free_deferred Rastreo de llamadas: dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 Asignado por la tarea 1202: pila de guardado kasan+0x1e/0x40 seguimiento de guardado kasan+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Liberado por la tarea 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 La librer\u00eda ---truncada---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"},{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"6.6.67\",\"matchCriteriaId\":\"54ED2956-6164-49A7-8D04-741D1A16289C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.6\",\"matchCriteriaId\":\"0CB1A9BB-F95E-43DD-A2FD-147912FD91E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62567B3C-6CEE-46D0-BC2E-B3717FBF7D13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A073481-106D-4B15-B4C7-FB0213B8E1D4\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/6deb9e85dc9a2ba4414b91c1b5b00b8415910890\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b015f19fedd2e12283a8450dd0aefce49ec57015\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b79a0d1e9a374d1b376933a354c4fcd01fce0365\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/bf2318e288f636a882eea39f7e1015623629f168\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ed1fc5d76b81a4d681211333c026202cad4d5649\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fdb2cd8957ac51f84c9e742ba866087944bb834b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2025:02610-1
Vulnerability from csaf_suse - Published: 2025-08-03 09:34 - Updated: 2025-08-03 09:34Summary
Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2610,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2610
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2610,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2610",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02610-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02610-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502610-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02610-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041018.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-08-03T09:34:07Z",
"generator": {
"date": "2025-08-03T09:34:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02610-1",
"initial_release_date": "2025-08-03T09:34:07Z",
"revision_history": [
{
"date": "2025-08-03T09:34:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T09:34:07Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T09:34:07Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T09:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T09:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-10-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-03T09:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02618-1
Vulnerability from csaf_suse - Published: 2025-08-04 07:34 - Updated: 2025-08-04 07:34Summary
Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_228 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2618,SUSE-SLE-Live-Patching-12-SP5-2025-2618
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_228 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2618,SUSE-SLE-Live-Patching-12-SP5-2025-2618",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02618-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02618-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502618-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02618-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041009.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 60 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-08-04T07:34:19Z",
"generator": {
"date": "2025-08-04T07:34:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02618-1",
"initial_release_date": "2025-08-04T07:34:19Z",
"revision_history": [
{
"date": "2025-08-04T07:34:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_228-default-13-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T07:34:19Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T07:34:19Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T07:34:19Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_228-default-13-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T07:34:19Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02627-1
Vulnerability from csaf_suse - Published: 2025-08-04 08:34 - Updated: 2025-08-04 08:34Summary
Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).
Patchnames: SUSE-2025-2627,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2627
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_167 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2627,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2627",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02627-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02627-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502627-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02627-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041055.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228645",
"url": "https://bugzilla.suse.com/1228645"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-08-04T08:34:47Z",
"generator": {
"date": "2025-08-04T08:34:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02627-1",
"initial_release_date": "2025-08-04T08:34:47Z",
"revision_history": [
{
"date": "2025-08-04T08:34:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_167-preempt-17-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_167-preempt-17-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_167-preempt-17-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41069",
"url": "https://www.suse.com/security/cve/CVE-2024-41069"
},
{
"category": "external",
"summary": "SUSE Bug 1228644 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "external",
"summary": "SUSE Bug 1228645 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:34:47Z",
"details": "important"
}
],
"title": "CVE-2024-41069"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:34:47Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:34:47Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:34:47Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_167-default-17-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:34:47Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02632-1
Vulnerability from csaf_suse - Published: 2025-08-04 08:35 - Updated: 2025-08-04 08:35Summary
Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_10_5 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1245771).
Patchnames: SUSE-2025-2632,SUSE-2025-2665,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2632
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_10_5 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n- CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1245771).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2632,SUSE-2025-2665,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2632",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02632-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02632-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502632-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02632-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041053.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245771",
"url": "https://bugzilla.suse.com/1245771"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-26809 page",
"url": "https://www.suse.com/security/cve/CVE-2024-26809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-04T08:35:30Z",
"generator": {
"date": "2025-08-04T08:35:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02632-1",
"initial_release_date": "2025-08-04T08:35:30Z",
"revision_history": [
{
"date": "2025-08-04T08:35:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-18-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-26809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-26809"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-26809",
"url": "https://www.suse.com/security/cve/CVE-2024-26809"
},
{
"category": "external",
"summary": "SUSE Bug 1222633 for CVE-2024-26809",
"url": "https://bugzilla.suse.com/1222633"
},
{
"category": "external",
"summary": "SUSE Bug 1245771 for CVE-2024-26809",
"url": "https://bugzilla.suse.com/1245771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:35:30Z",
"details": "important"
}
],
"title": "CVE-2024-26809"
},
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:35:30Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:35:30Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:35:30Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:35:30Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_5-rt-18-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:35:30Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02636-1
Vulnerability from csaf_suse - Published: 2025-08-04 09:04 - Updated: 2025-08-04 09:04Summary
Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).
Patchnames: SUSE-2025-2636,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2636
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228645).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2636,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2636",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02636-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02636-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502636-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02636-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041052.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228645",
"url": "https://bugzilla.suse.com/1228645"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41069 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-08-04T09:04:46Z",
"generator": {
"date": "2025-08-04T09:04:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02636-1",
"initial_release_date": "2025-08-04T09:04:46Z",
"revision_history": [
{
"date": "2025-08-04T09:04:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41069",
"url": "https://www.suse.com/security/cve/CVE-2024-41069"
},
{
"category": "external",
"summary": "SUSE Bug 1228644 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228644"
},
{
"category": "external",
"summary": "SUSE Bug 1228645 for CVE-2024-41069",
"url": "https://bugzilla.suse.com/1228645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2024-41069"
},
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-16-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:04:46Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02638-1
Vulnerability from csaf_suse - Published: 2025-08-04 08:05 - Updated: 2025-08-04 08:05Summary
Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_10_8 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2630,SUSE-2025-2638,SUSE-2025-2639,SUSE-2025-2659,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2630,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2624
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_10_8 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2630,SUSE-2025-2638,SUSE-2025-2639,SUSE-2025-2659,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2630,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2624",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02638-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02638-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502638-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02638-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041057.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-04T08:05:16Z",
"generator": {
"date": "2025-08-04T08:05:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02638-1",
"initial_release_date": "2025-08-04T08:05:16Z",
"revision_history": [
{
"date": "2025-08-04T08:05:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_128-default-14-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-12-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_25-default-13-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:05:16Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:05:16Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:05:16Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:05:16Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_147-default-9-150400.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_8-rt-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T08:05:16Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02648-1
Vulnerability from csaf_suse - Published: 2025-08-04 09:05 - Updated: 2025-08-04 09:05Summary
Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_10_23 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2623,SUSE-2025-2628,SUSE-2025-2629,SUSE-2025-2648,SUSE-2025-2649,SUSE-SLE-Live-Patching-12-SP5-2025-2648,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2628,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2623,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2644
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_10_23 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2623,SUSE-2025-2628,SUSE-2025-2629,SUSE-2025-2648,SUSE-2025-2649,SUSE-SLE-Live-Patching-12-SP5-2025-2648,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2628,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2623,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2644",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02648-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02648-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502648-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02648-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041058.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-04T09:05:39Z",
"generator": {
"date": "2025-08-04T09:05:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02648-1",
"initial_release_date": "2025-08-04T09:05:39Z",
"revision_history": [
{
"date": "2025-08-04T09:05:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_222-default-15-2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_170-preempt-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_170-preempt-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_170-preempt-15-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-default-8-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_188-preempt-8-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_188-preempt-8-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_188-preempt-8-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-default-13-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_179-preempt-13-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_179-preempt-13-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_179-preempt-13-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:05:39Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:05:39Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:05:39Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_222-default-15-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_170-default-15-150300.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-8-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_23-rt-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T09:05:39Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02652-1
Vulnerability from csaf_suse - Published: 2025-08-04 10:05 - Updated: 2025-08-04 10:05Summary
Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2631,SUSE-2025-2652,SUSE-2025-2653,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2653
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_83 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2631,SUSE-2025-2652,SUSE-2025-2653,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2653",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02652-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02652-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502652-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02652-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041054.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2025-08-04T10:05:39Z",
"generator": {
"date": "2025-08-04T10:05:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02652-1",
"initial_release_date": "2025-08-04T10:05:39Z",
"revision_history": [
{
"date": "2025-08-04T10:05:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_80-default-12-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-14-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T10:05:39Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T10:05:39Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T10:05:39Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T10:05:39Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-12-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T10:05:39Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02673-1
Vulnerability from csaf_suse - Published: 2025-08-04 13:34 - Updated: 2025-08-04 13:34Summary
Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2673,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2673
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_33 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2673,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2673",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02673-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02673-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502673-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02673-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041067.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-04T13:34:07Z",
"generator": {
"date": "2025-08-04T13:34:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02673-1",
"initial_release_date": "2025-08-04T13:34:07Z",
"revision_history": [
{
"date": "2025-08-04T13:34:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T13:34:07Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T13:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T13:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_33-default-9-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T13:34:07Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
SUSE-SU-2025:02688-1
Vulnerability from csaf_suse - Published: 2025-08-04 22:50 - Updated: 2025-08-04 22:50Summary
Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.
The following security issues were fixed:
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1245797).
Patchnames: SUSE-2025-2688,SUSE-2025-2690,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2688
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235250).\n- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793).\n- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776).\n- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1245804).\n- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0 (bsc#1245797).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2688,SUSE-2025-2690,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2688",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02688-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02688-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502688-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02688-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041089.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235250",
"url": "https://bugzilla.suse.com/1235250"
},
{
"category": "self",
"summary": "SUSE Bug 1245776",
"url": "https://bugzilla.suse.com/1245776"
},
{
"category": "self",
"summary": "SUSE Bug 1245793",
"url": "https://bugzilla.suse.com/1245793"
},
{
"category": "self",
"summary": "SUSE Bug 1245797",
"url": "https://bugzilla.suse.com/1245797"
},
{
"category": "self",
"summary": "SUSE Bug 1245804",
"url": "https://bugzilla.suse.com/1245804"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-53125 page",
"url": "https://www.suse.com/security/cve/CVE-2024-53125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-56664 page",
"url": "https://www.suse.com/security/cve/CVE-2024-56664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-21702 page",
"url": "https://www.suse.com/security/cve/CVE-2025-21702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37797 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37797/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-04T22:50:13Z",
"generator": {
"date": "2025-08-04T22:50:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02688-1",
"initial_release_date": "2025-08-04T22:50:13Z",
"revision_history": [
{
"date": "2025-08-04T22:50:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_30-default-9-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-53125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-53125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: sync_linked_regs() must preserve subreg_def\n\nRange propagation must not affect subreg_def marks, otherwise the\nfollowing example is rewritten by verifier incorrectly when\nBPF_F_TEST_RND_HI32 flag is set:\n\n 0: call bpf_ktime_get_ns call bpf_ktime_get_ns\n 1: r0 \u0026= 0x7fffffff after verifier r0 \u0026= 0x7fffffff\n 2: w1 = w0 rewrites w1 = w0\n 3: if w0 \u003c 10 goto +0 --------------\u003e r11 = 0x2f5674a6 (r)\n 4: r1 \u003e\u003e= 32 r11 \u003c\u003c= 32 (r)\n 5: r0 = r1 r1 |= r11 (r)\n 6: exit; if w0 \u003c 0xa goto pc+0\n r1 \u003e\u003e= 32\n r0 = r1\n exit\n\n(or zero extension of w1 at (2) is missing for architectures that\n require zero extension for upper register half).\n\nThe following happens w/o this patch:\n- r0 is marked as not a subreg at (0);\n- w1 is marked as subreg at (2);\n- w1 subreg_def is overridden at (3) by copy_register_state();\n- w1 is read at (5) but mark_insn_zext() does not mark (2)\n for zero extension, because w1 subreg_def is not set;\n- because of BPF_F_TEST_RND_HI32 flag verifier inserts random\n value for hi32 bits of (2) (marked (r));\n- this random value is read at (5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-53125",
"url": "https://www.suse.com/security/cve/CVE-2024-53125"
},
{
"category": "external",
"summary": "SUSE Bug 1234156 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1234156"
},
{
"category": "external",
"summary": "SUSE Bug 1245804 for CVE-2024-53125",
"url": "https://bugzilla.suse.com/1245804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T22:50:13Z",
"details": "important"
}
],
"title": "CVE-2024-53125"
},
{
"cve": "CVE-2024-56664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-56664"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix race between element replace and close()\n\nElement replace (with a socket different from the one stored) may race\nwith socket\u0027s close() link popping \u0026 unlinking. __sock_map_delete()\nunconditionally unrefs the (wrong) element:\n\n// set map[0] = s0\nmap_update_elem(map, 0, s0)\n\n// drop fd of s0\nclose(s0)\n sock_map_close()\n lock_sock(sk) (s0!)\n sock_map_remove_links(sk)\n link = sk_psock_link_pop()\n sock_map_unlink(sk, link)\n sock_map_delete_from_link\n // replace map[0] with s1\n map_update_elem(map, 0, s1)\n sock_map_update_elem\n (s1!) lock_sock(sk)\n sock_map_update_common\n psock = sk_psock(sk)\n spin_lock(\u0026stab-\u003elock)\n osk = stab-\u003esks[idx]\n sock_map_add_link(..., \u0026stab-\u003esks[idx])\n sock_map_unref(osk, \u0026stab-\u003esks[idx])\n psock = sk_psock(osk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test(\u0026psock))\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n unlock_sock(sk)\n __sock_map_delete\n spin_lock(\u0026stab-\u003elock)\n sk = *psk // s1 replaced s0; sk == s1\n if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch\n sk = xchg(psk, NULL)\n if (sk)\n sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle\n psock = sk_psock(sk)\n sk_psock_put(sk, psock)\n if (refcount_dec_and_test())\n sk_psock_drop(sk, psock)\n spin_unlock(\u0026stab-\u003elock)\n release_sock(sk)\n\nThen close(map) enqueues bpf_map_free_deferred, which finally calls\nsock_map_free(). This results in some refcount_t warnings along with\na KASAN splat [1].\n\nFix __sock_map_delete(), do not allow sock_map_unref() on elements that\nmay have been replaced.\n\n[1]:\nBUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330\nWrite of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063\n\nCPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\nWorkqueue: events_unbound bpf_map_free_deferred\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x68/0x90\n print_report+0x174/0x4f6\n kasan_report+0xb9/0x190\n kasan_check_range+0x10f/0x1e0\n sock_map_free+0x10e/0x330\n bpf_map_free_deferred+0x173/0x320\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1202:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n __kasan_slab_alloc+0x85/0x90\n kmem_cache_alloc_noprof+0x131/0x450\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x2c/0x870\n unix_create1+0x88/0x8a0\n unix_create+0xc5/0x180\n __sock_create+0x241/0x650\n __sys_socketpair+0x1ce/0x420\n __x64_sys_socketpair+0x92/0x100\n do_syscall_64+0x93/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 46:\n kasan_save_stack+0x1e/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kmem_cache_free+0x1a1/0x590\n __sk_destruct+0x388/0x5a0\n sk_psock_destroy+0x73e/0xa50\n process_one_work+0x846/0x1420\n worker_thread+0x5b3/0xf80\n kthread+0x29e/0x360\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThe bu\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-56664",
"url": "https://www.suse.com/security/cve/CVE-2024-56664"
},
{
"category": "external",
"summary": "SUSE Bug 1235249 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235249"
},
{
"category": "external",
"summary": "SUSE Bug 1235250 for CVE-2024-56664",
"url": "https://bugzilla.suse.com/1235250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T22:50:13Z",
"details": "important"
}
],
"title": "CVE-2024-56664"
},
{
"cve": "CVE-2025-21702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-21702"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npfifo_tail_enqueue: Drop new packet when sch-\u003elimit == 0\n\nExpected behaviour:\nIn case we reach scheduler\u0027s limit, pfifo_tail_enqueue() will drop a\npacket in scheduler\u0027s queue and decrease scheduler\u0027s qlen by one.\nThen, pfifo_tail_enqueue() enqueue new packet and increase\nscheduler\u0027s qlen by one. Finally, pfifo_tail_enqueue() return\n`NET_XMIT_CN` status code.\n\nWeird behaviour:\nIn case we set `sch-\u003elimit == 0` and trigger pfifo_tail_enqueue() on a\nscheduler that has no packet, the \u0027drop a packet\u0027 step will do nothing.\nThis means the scheduler\u0027s qlen still has value equal 0.\nThen, we continue to enqueue new packet and increase scheduler\u0027s qlen by\none. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by\none and return `NET_XMIT_CN` status code.\n\nThe problem is:\nLet\u0027s say we have two qdiscs: Qdisc_A and Qdisc_B.\n - Qdisc_A\u0027s type must have \u0027-\u003egraft()\u0027 function to create parent/child relationship.\n Let\u0027s say Qdisc_A\u0027s type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`.\n - Qdisc_B\u0027s type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`.\n - Qdisc_B is configured to have `sch-\u003elimit == 0`.\n - Qdisc_A is configured to route the enqueued\u0027s packet to Qdisc_B.\n\nEnqueue packet through Qdisc_A will lead to:\n - hfsc_enqueue(Qdisc_A) -\u003e pfifo_tail_enqueue(Qdisc_B)\n - Qdisc_B-\u003eq.qlen += 1\n - pfifo_tail_enqueue() return `NET_XMIT_CN`\n - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` =\u003e hfsc_enqueue() don\u0027t increase qlen of Qdisc_A.\n\nThe whole process lead to a situation where Qdisc_A-\u003eq.qlen == 0 and Qdisc_B-\u003eq.qlen == 1.\nReplace \u0027hfsc\u0027 with other type (for example: \u0027drr\u0027) still lead to the same problem.\nThis violate the design where parent\u0027s qlen should equal to the sum of its childrens\u0027qlen.\n\nBug impact: This issue can be used for user-\u003ekernel privilege escalation when it is reachable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-21702",
"url": "https://www.suse.com/security/cve/CVE-2025-21702"
},
{
"category": "external",
"summary": "SUSE Bug 1237312 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1237312"
},
{
"category": "external",
"summary": "SUSE Bug 1245797 for CVE-2025-21702",
"url": "https://bugzilla.suse.com/1245797"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T22:50:13Z",
"details": "important"
}
],
"title": "CVE-2025-21702"
},
{
"cve": "CVE-2025-37752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: sch_sfq: move the limit validation\n\nIt is not sufficient to directly validate the limit on the data that\nthe user passes as it can be updated based on how the other parameters\nare changed.\n\nMove the check at the end of the configuration update process to also\ncatch scenarios where the limit is indirectly updated, for example\nwith the following configurations:\n\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 depth 1\ntc qdisc add dev dummy0 handle 1: root sfq limit 2 flows 1 divisor 1\n\nThis fixes the following syzkaller reported crash:\n\n------------[ cut here ]------------\nUBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:203:6\nindex 65535 is out of range for type \u0027struct sfq_head[128]\u0027\nCPU: 1 UID: 0 PID: 3037 Comm: syz.2.16 Not tainted 6.14.0-rc2-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:120\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_out_of_bounds+0xf5/0x120 lib/ubsan.c:429\n sfq_link net/sched/sch_sfq.c:203 [inline]\n sfq_dec+0x53c/0x610 net/sched/sch_sfq.c:231\n sfq_dequeue+0x34e/0x8c0 net/sched/sch_sfq.c:493\n sfq_reset+0x17/0x60 net/sched/sch_sfq.c:518\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n tbf_reset+0x41/0x110 net/sched/sch_tbf.c:339\n qdisc_reset+0x12e/0x600 net/sched/sch_generic.c:1035\n dev_reset_queue+0x100/0x1b0 net/sched/sch_generic.c:1311\n netdev_for_each_tx_queue include/linux/netdevice.h:2590 [inline]\n dev_deactivate_many+0x7e5/0xe70 net/sched/sch_generic.c:1375",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37752",
"url": "https://www.suse.com/security/cve/CVE-2025-37752"
},
{
"category": "external",
"summary": "SUSE Bug 1242504 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1242504"
},
{
"category": "external",
"summary": "SUSE Bug 1245776 for CVE-2025-37752",
"url": "https://bugzilla.suse.com/1245776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T22:50:13Z",
"details": "important"
}
],
"title": "CVE-2025-37752"
},
{
"cve": "CVE-2025-37797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37797"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37797",
"url": "https://www.suse.com/security/cve/CVE-2025-37797"
},
{
"category": "external",
"summary": "SUSE Bug 1242417 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1242417"
},
{
"category": "external",
"summary": "SUSE Bug 1245793 for CVE-2025-37797",
"url": "https://bugzilla.suse.com/1245793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-14-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-04T22:50:13Z",
"details": "important"
}
],
"title": "CVE-2025-37797"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…