Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-38079 (GCVE-0-2025-38079)
Vulnerability from cvelistv5 – Published: 2025-06-18 09:33 – Updated: 2026-06-11 18:44
VLAI
EPSS
Title
crypto: algif_hash - fix double free in hash_accept
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_hash - fix double free in hash_accept
If accept(2) is called on socket type algif_hash with
MSG_MORE flag set and crypto_ahash_import fails,
sk2 is freed. However, it is also freed in af_alg_release,
leading to slab-use-after-free error.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
11 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fe869cdb89c95d060c77eea20204d6c91f233b53 , < 5bff312b59b3f2a54ff504e4f4e47272b64f3633
(git)
Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < bf7bba75b91539e93615f560893a599c1e1c98bf (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < c3059d58f79fdfb2201249c2741514e34562b547 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < f0f3d09f53534ea385d55ced408f2b67059b16e4 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 134daaba93193df9e988524b5cd2f52d15eb1993 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 2f45a8d64fb4ed4830a4b3273834ecd6ca504896 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < 0346f4b742345d1c733c977f3a7aef5a6419a967 (git) Affected: fe869cdb89c95d060c77eea20204d6c91f233b53 , < b2df03ed4052e97126267e8c13ad4204ea6ba9b6 (git) |
|
| Linux | Linux |
Affected:
2.6.38
Unaffected: 0 , < 2.6.38 (semver) Unaffected: 5.4.294 , ≤ 5.4.* (semver) Unaffected: 5.10.238 , ≤ 5.10.* (semver) Unaffected: 5.15.185 , ≤ 5.15.* (semver) Unaffected: 6.1.141 , ≤ 6.1.* (semver) Unaffected: 6.6.93 , ≤ 6.6.* (semver) Unaffected: 6.12.31 , ≤ 6.12.* (semver) Unaffected: 6.14.9 , ≤ 6.14.* (semver) Unaffected: 6.15 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:33:48.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:04:28.143Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:20.938858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:11.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"crypto/algif_hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5bff312b59b3f2a54ff504e4f4e47272b64f3633",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "bf7bba75b91539e93615f560893a599c1e1c98bf",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "c3059d58f79fdfb2201249c2741514e34562b547",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "f0f3d09f53534ea385d55ced408f2b67059b16e4",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "134daaba93193df9e988524b5cd2f52d15eb1993",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "2f45a8d64fb4ed4830a4b3273834ecd6ca504896",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "0346f4b742345d1c733c977f3a7aef5a6419a967",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
},
{
"lessThan": "b2df03ed4052e97126267e8c13ad4204ea6ba9b6",
"status": "affected",
"version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"crypto/algif_hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.185",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.14.*",
"status": "unaffected",
"version": "6.14.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.185",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.141",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.93",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.31",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.14.9",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.15",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:20:50.655Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633"
},
{
"url": "https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf"
},
{
"url": "https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547"
},
{
"url": "https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4"
},
{
"url": "https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993"
},
{
"url": "https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896"
},
{
"url": "https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967"
},
{
"url": "https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6"
}
],
"title": "crypto: algif_hash - fix double free in hash_accept",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-38079",
"datePublished": "2025-06-18T09:33:53.251Z",
"dateReserved": "2025-04-16T04:51:23.980Z",
"dateUpdated": "2026-06-11T18:44:11.408Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-38079",
"date": "2026-06-30",
"epss": "0.00175",
"percentile": "0.07223"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-38079\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-06-18T10:15:41.510\",\"lastModified\":\"2026-06-17T09:16:00.717\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: algif_hash - fix double free in hash_accept\\n\\nIf accept(2) is called on socket type algif_hash with\\nMSG_MORE flag set and crypto_ahash_import fails,\\nsk2 is freed. However, it is also freed in af_alg_release,\\nleading to slab-use-after-free error.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: algif_hash - correcci\u00f3n de doble liberaci\u00f3n en hash_accept. Si se ejecuta accept(2) en el socket tipo algif_hash con el indicador MSG_MORE activado y crypto_ahash_import falla, se libera sk2. Sin embargo, tambi\u00e9n se libera en af_alg_release, lo que genera un error de uso de slab despu\u00e9s de la liberaci\u00f3n.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"crypto/algif_hash.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"5bff312b59b3f2a54ff504e4f4e47272b64f3633\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"bf7bba75b91539e93615f560893a599c1e1c98bf\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"c3059d58f79fdfb2201249c2741514e34562b547\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"f0f3d09f53534ea385d55ced408f2b67059b16e4\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"134daaba93193df9e988524b5cd2f52d15eb1993\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"2f45a8d64fb4ed4830a4b3273834ecd6ca504896\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"0346f4b742345d1c733c977f3a7aef5a6419a967\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"fe869cdb89c95d060c77eea20204d6c91f233b53\",\"lessThan\":\"b2df03ed4052e97126267e8c13ad4204ea6ba9b6\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"crypto/algif_hash.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2.6.38\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.38\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.4.294\",\"lessThanOrEqual\":\"5.4.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.238\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.185\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.141\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.93\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.31\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.14.9\",\"lessThanOrEqual\":\"6.14.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.15\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.5\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-10T20:41:20.938858Z\",\"id\":\"CVE-2025-38079\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.38\",\"versionEndExcluding\":\"5.4.294\",\"matchCriteriaId\":\"A753E03E-FDFB-4EA8-9ABD-A9C013C4FC72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.238\",\"matchCriteriaId\":\"0DAAEF7F-D560-47FC-8B65-20404DB82432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.185\",\"matchCriteriaId\":\"E11820B2-24BD-40A8-9E6B-5BC447252321\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.141\",\"matchCriteriaId\":\"7CEA8241-A858-4009-B4EE-31C62772811A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.93\",\"matchCriteriaId\":\"50A4A9DE-24AB-4FB4-AACD-85D8EABB0571\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.31\",\"matchCriteriaId\":\"1AE98841-5774-4B45-A81C-2D188DB7E5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.14.9\",\"matchCriteriaId\":\"A9B72DD1-715C-4101-A720-1C8D70044C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D465631-2980-487A-8E65-40AE2B9F8ED1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C9D071F-B28E-46EC-AC61-22B913390211\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"13FC0DDE-E513-465E-9E81-515702D49B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C7B5B0E-4EEB-48F5-B4CF-0935A7633845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D240580-3048-49B2-9E27-F115A9DF8224\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"90320558-E553-4EF5-8A0B-0F5D20113BD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"C300BA32-5854-4B59-A00A-18A402F291D0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T17:33:48.696Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.5\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-05-12T12:04:28.143Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-38079\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T20:41:20.938858Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T17:38:16.154Z\"}}], \"cna\": {\"title\": \"crypto: algif_hash - fix double free in hash_accept\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"5bff312b59b3f2a54ff504e4f4e47272b64f3633\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"bf7bba75b91539e93615f560893a599c1e1c98bf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"c3059d58f79fdfb2201249c2741514e34562b547\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"f0f3d09f53534ea385d55ced408f2b67059b16e4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"134daaba93193df9e988524b5cd2f52d15eb1993\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"2f45a8d64fb4ed4830a4b3273834ecd6ca504896\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"0346f4b742345d1c733c977f3a7aef5a6419a967\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"fe869cdb89c95d060c77eea20204d6c91f233b53\", \"lessThan\": \"b2df03ed4052e97126267e8c13ad4204ea6ba9b6\", \"versionType\": \"git\"}], \"programFiles\": [\"crypto/algif_hash.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.38\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.38\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.4.294\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.238\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.185\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.141\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.93\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.31\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.14.9\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.14.*\"}, {\"status\": \"unaffected\", \"version\": \"6.15\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"crypto/algif_hash.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633\"}, {\"url\": \"https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf\"}, {\"url\": \"https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547\"}, {\"url\": \"https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4\"}, {\"url\": \"https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993\"}, {\"url\": \"https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896\"}, {\"url\": \"https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967\"}, {\"url\": \"https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: algif_hash - fix double free in hash_accept\\n\\nIf accept(2) is called on socket type algif_hash with\\nMSG_MORE flag set and crypto_ahash_import fails,\\nsk2 is freed. However, it is also freed in af_alg_release,\\nleading to slab-use-after-free error.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.294\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.238\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.185\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.141\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.93\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.31\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.14.9\", \"versionStartIncluding\": \"2.6.38\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.15\", \"versionStartIncluding\": \"2.6.38\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T21:20:50.655Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-38079\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-11T18:44:11.408Z\", \"dateReserved\": \"2025-04-16T04:51:23.980Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-06-18T09:33:53.251Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2025:02860-1
Vulnerability from csaf_suse - Published: 2025-08-19 01:33 - Updated: 2025-08-19 01:33Summary
Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).
Patchnames: SUSE-2025-2860,SUSE-2025-2861,SUSE-2025-2870,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2861
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_144 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2860,SUSE-2025-2861,SUSE-2025-2870,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2861",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02860-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02860-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502860-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02860-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041267.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1244631",
"url": "https://bugzilla.suse.com/1244631"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-08-19T01:33:40Z",
"generator": {
"date": "2025-08-19T01:33:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02860-1",
"initial_release_date": "2025-08-19T01:33:40Z",
"revision_history": [
{
"date": "2025-08-19T01:33:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_133-default-13-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_161-default-4-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36978",
"url": "https://www.suse.com/security/cve/CVE-2024-36978"
},
{
"category": "external",
"summary": "SUSE Bug 1226514 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1226514"
},
{
"category": "external",
"summary": "SUSE Bug 1244631 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1244631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T01:33:40Z",
"details": "important"
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T01:33:40Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T01:33:40Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T01:33:40Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_144-default-11-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T01:33:40Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02875-1
Vulnerability from csaf_suse - Published: 2025-08-19 03:03 - Updated: 2025-08-19 03:03Summary
Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_10_11 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
Patchnames: SUSE-2025-2872,SUSE-2025-2875,SUSE-2025-2877,SUSE-2025-2885,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2875,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2866
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_10_11 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2872,SUSE-2025-2875,SUSE-2025-2877,SUSE-2025-2885,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2875,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2866",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02875-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02875-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502875-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02875-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041266.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-19T03:03:36Z",
"generator": {
"date": "2025-08-19T03:03:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02875-1",
"initial_release_date": "2025-08-19T03:03:36Z",
"revision_history": [
{
"date": "2025-08-19T03:03:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_17-default-19-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_14-default-19-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_25-default-14-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T03:03:36Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T03:03:36Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T03:03:36Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_83-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_10_11-rt-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T03:03:36Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02876-1
Vulnerability from csaf_suse - Published: 2025-08-19 05:03 - Updated: 2025-08-19 05:03Summary
Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_91 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
Patchnames: SUSE-2025-2876,SUSE-2025-2879,SUSE-2025-2880,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2876
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_91 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2876,SUSE-2025-2879,SUSE-2025-2880,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2876",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02876-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02876-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502876-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02876-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041263.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2025-08-19T05:03:58Z",
"generator": {
"date": "2025-08-19T05:03:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02876-1",
"initial_release_date": "2025-08-19T05:03:58Z",
"revision_history": [
{
"date": "2025-08-19T05:03:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_94-default-5-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_97-default-5-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T05:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T05:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T05:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_91-default-9-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T05:03:58Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02878-1
Vulnerability from csaf_suse - Published: 2025-08-19 06:03 - Updated: 2025-08-19 06:03Summary
Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)
Description of the patch: This update for the Linux Kernel 4.12.14-122_266 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
Patchnames: SUSE-2025-2878,SUSE-SLE-Live-Patching-12-SP5-2025-2878
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-122_266 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2878,SUSE-SLE-Live-Patching-12-SP5-2025-2878",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02878-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02878-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502878-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02878-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041262.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 70 for SLE 12 SP5)",
"tracking": {
"current_release_date": "2025-08-19T06:03:40Z",
"generator": {
"date": "2025-08-19T06:03:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02878-1",
"initial_release_date": "2025-08-19T06:03:40Z",
"revision_history": [
{
"date": "2025-08-19T06:03:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_266-default-2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T06:03:40Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T06:03:40Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_266-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T06:03:40Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02883-1
Vulnerability from csaf_suse - Published: 2025-08-19 06:04 - Updated: 2025-08-19 06:04Summary
Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
Patchnames: SUSE-2025-2883,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2883
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_113 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2883,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2883",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02883-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02883-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502883-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02883-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041261.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2025-08-19T06:04:21Z",
"generator": {
"date": "2025-08-19T06:04:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02883-1",
"initial_release_date": "2025-08-19T06:04:21Z",
"revision_history": [
{
"date": "2025-08-19T06:04:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T06:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T06:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_113-default-3-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T06:04:21Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02894-1
Vulnerability from csaf_suse - Published: 2025-08-19 09:19 - Updated: 2025-08-19 09:19Summary
Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)
Description of the patch: This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).
Patchnames: SUSE-2025-2894,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2894
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.3.18-150300_59_174 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2894,SUSE-SLE-Module-Live-Patching-15-SP3-2025-2894",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02894-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02894-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502894-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02894-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041279.html"
},
{
"category": "self",
"summary": "SUSE Bug 1244631",
"url": "https://bugzilla.suse.com/1244631"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)",
"tracking": {
"current_release_date": "2025-08-19T09:19:18Z",
"generator": {
"date": "2025-08-19T09:19:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02894-1",
"initial_release_date": "2025-08-19T09:19:18Z",
"revision_history": [
{
"date": "2025-08-19T09:19:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_3_18-150300_59_174-preempt-15-150300.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_3_18-150300_59_174-preempt-15-150300.2.1.x86_64",
"product_id": "kernel-livepatch-5_3_18-150300_59_174-preempt-15-150300.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36978",
"url": "https://www.suse.com/security/cve/CVE-2024-36978"
},
{
"category": "external",
"summary": "SUSE Bug 1226514 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1226514"
},
{
"category": "external",
"summary": "SUSE Bug 1244631 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1244631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_174-default-15-150300.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02897-1
Vulnerability from csaf_suse - Published: 2025-08-19 09:33 - Updated: 2025-08-19 09:33Summary
Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_150 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).
Patchnames: SUSE-2025-2897,SUSE-2025-2899,SUSE-2025-2904,SUSE-2025-2905,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2898
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_150 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2897,SUSE-2025-2899,SUSE-2025-2904,SUSE-2025-2905,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2898",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02897-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02897-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502897-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02897-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041277.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1244631",
"url": "https://bugzilla.suse.com/1244631"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-08-19T09:33:52Z",
"generator": {
"date": "2025-08-19T09:33:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02897-1",
"initial_release_date": "2025-08-19T09:33:52Z",
"revision_history": [
{
"date": "2025-08-19T09:33:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_141-default-12-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-3-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_153-default-5-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_164-default-4-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36978",
"url": "https://www.suse.com/security/cve/CVE-2024-36978"
},
{
"category": "external",
"summary": "SUSE Bug 1226514 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1226514"
},
{
"category": "external",
"summary": "SUSE Bug 1244631 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1244631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:33:52Z",
"details": "important"
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:33:52Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:33:52Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:33:52Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_150-default-5-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:33:52Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02902-1
Vulnerability from csaf_suse - Published: 2025-08-19 09:34 - Updated: 2025-08-19 09:34Summary
Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)
Description of the patch: This update for the Linux Kernel 5.14.21-150500_55_100 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
Patchnames: SUSE-2025-2902,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2902
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150500_55_100 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2902,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2902",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02902-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02902-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502902-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02902-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041276.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP5)",
"tracking": {
"current_release_date": "2025-08-19T09:34:27Z",
"generator": {
"date": "2025-08-19T09:34:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02902-1",
"initial_release_date": "2025-08-19T09:34:27Z",
"revision_history": [
{
"date": "2025-08-19T09:34:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:34:27Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:34:27Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:34:27Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_100-default-4-150500.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:34:27Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02908-1
Vulnerability from csaf_suse - Published: 2025-08-19 09:19 - Updated: 2025-08-19 09:19Summary
Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)
Description of the patch: This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
Patchnames: SUSE-2025-2895,SUSE-2025-2900,SUSE-2025-2901,SUSE-2025-2903,SUSE-2025-2908,SUSE-SLE-Live-Patching-12-SP5-2025-2908,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2901,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2895
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 6.4.0-150600_23_22 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2895,SUSE-2025-2900,SUSE-2025-2901,SUSE-2025-2903,SUSE-2025-2908,SUSE-SLE-Live-Patching-12-SP5-2025-2908,SUSE-SLE-Module-Live-Patching-15-SP5-2025-2901,SUSE-SLE-Module-Live-Patching-15-SP6-2025-2895",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02908-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02908-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502908-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02908-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041278.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP6)",
"tracking": {
"current_release_date": "2025-08-19T09:19:36Z",
"generator": {
"date": "2025-08-19T09:19:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02908-1",
"initial_release_date": "2025-08-19T09:19:36Z",
"revision_history": [
{
"date": "2025-08-19T09:19:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.ppc64le",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.s390x",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_261-default-2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_73-default-15-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150600_23_33-default-10-150600.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP6",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:36Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:36Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:36Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-2-2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_80-default-13-150500.2.1.x86_64",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP6:kernel-livepatch-6_4_0-150600_23_22-default-15-150600.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T09:19:36Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
SUSE-SU-2025:02909-1
Vulnerability from csaf_suse - Published: 2025-08-19 12:03 - Updated: 2025-08-19 12:03Summary
Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.
The following security issues were fixed:
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).
Patchnames: SUSE-2025-2909,SUSE-2025-2910,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2909
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 5.14.21-150400_24_125 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247350).\n- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247351).\n- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245218).\n- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245350).\n- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1244631).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2909,SUSE-2025-2910,SUSE-SLE-Module-Live-Patching-15-SP4-2025-2909",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02909-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02909-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502909-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02909-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041288.html"
},
{
"category": "self",
"summary": "SUSE Bug 1232927",
"url": "https://bugzilla.suse.com/1232927"
},
{
"category": "self",
"summary": "SUSE Bug 1244631",
"url": "https://bugzilla.suse.com/1244631"
},
{
"category": "self",
"summary": "SUSE Bug 1245218",
"url": "https://bugzilla.suse.com/1245218"
},
{
"category": "self",
"summary": "SUSE Bug 1245350",
"url": "https://bugzilla.suse.com/1245350"
},
{
"category": "self",
"summary": "SUSE Bug 1247350",
"url": "https://bugzilla.suse.com/1247350"
},
{
"category": "self",
"summary": "SUSE Bug 1247351",
"url": "https://bugzilla.suse.com/1247351"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-36978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-36978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38079 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38083 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-38495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-38495/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)",
"tracking": {
"current_release_date": "2025-08-19T12:03:45Z",
"generator": {
"date": "2025-08-19T12:03:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02909-1",
"initial_release_date": "2025-08-19T12:03:45Z",
"revision_history": [
{
"date": "2025-08-19T12:03:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_147-default-10-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-36978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-36978"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-36978",
"url": "https://www.suse.com/security/cve/CVE-2024-36978"
},
{
"category": "external",
"summary": "SUSE Bug 1226514 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1226514"
},
{
"category": "external",
"summary": "SUSE Bug 1244631 for CVE-2024-36978",
"url": "https://bugzilla.suse.com/1244631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T12:03:45Z",
"details": "important"
}
],
"title": "CVE-2024-36978"
},
{
"cve": "CVE-2025-38079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38079"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38079",
"url": "https://www.suse.com/security/cve/CVE-2025-38079"
},
{
"category": "external",
"summary": "SUSE Bug 1245217 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245217"
},
{
"category": "external",
"summary": "SUSE Bug 1245218 for CVE-2025-38079",
"url": "https://bugzilla.suse.com/1245218"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T12:03:45Z",
"details": "important"
}
],
"title": "CVE-2025-38079"
},
{
"cve": "CVE-2025-38083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: prio: fix a race in prio_tune()\n\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\n\nThe race is as follows:\n\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n |\n | [5]: lock root\n | [6]: rehash\n | [7]: qdisc_tree_reduce_backlog()\n |\n[4]: qdisc_put()\n\nThis can be abused to underflow a parent\u0027s qlen.\n\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38083",
"url": "https://www.suse.com/security/cve/CVE-2025-38083"
},
{
"category": "external",
"summary": "SUSE Bug 1245183 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245183"
},
{
"category": "external",
"summary": "SUSE Bug 1245350 for CVE-2025-38083",
"url": "https://bugzilla.suse.com/1245350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T12:03:45Z",
"details": "important"
}
],
"title": "CVE-2025-38083"
},
{
"cve": "CVE-2025-38494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38494"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: do not bypass hid_hw_raw_request\n\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid paramto be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38494",
"url": "https://www.suse.com/security/cve/CVE-2025-38494"
},
{
"category": "external",
"summary": "SUSE Bug 1247349 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247349"
},
{
"category": "external",
"summary": "SUSE Bug 1247350 for CVE-2025-38494",
"url": "https://bugzilla.suse.com/1247350"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T12:03:45Z",
"details": "important"
}
],
"title": "CVE-2025-38494"
},
{
"cve": "CVE-2025-38495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-38495"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: ensure the allocated report buffer can contain the reserved report ID\n\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-38495",
"url": "https://www.suse.com/security/cve/CVE-2025-38495"
},
{
"category": "external",
"summary": "SUSE Bug 1247348 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247348"
},
{
"category": "external",
"summary": "SUSE Bug 1247351 for CVE-2025-38495",
"url": "https://bugzilla.suse.com/1247351"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_125-default-17-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-19T12:03:45Z",
"details": "important"
}
],
"title": "CVE-2025-38495"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…